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PREFACE 


Plato said, “God is a geometer.” Jacobi changed this to, “God is an arithmetician.” Then 
came Kronecker and fashioned the memorable expression, “God created the natural 
numbers, and all the rest is the work of man.” 

FELIX KLEIN 


The purpose of the present volume is to give a simple account of classical number 
theory, and to impart some of the historical background in which the subject evolved. 
Although primarily intended for use as a textbook in a one-semester course at the 
undergraduate level, it is designed to be used in teachers’ institutes or as supplemen- 
tary reading in mathematics survey courses. The work is well suited for prospective 
secondary school teachers for whom a little familiarity with number theory may be 
particularly helpful. 

The theory of numbers has always occupied a unique position in the world of 
mathematics. This is due to the unquestioned historical importance of the subject: it 
is one of the few disciplines having demonstrable results that predate the very idea 
of a university or an academy. Nearly every century since classical antiquity has 
witnessed new and fascinating discoveries relating to the properties of numbers; and, 
at some point in their careers, most of the great masters of the mathematical sciences 
have contributed to this body of knowledge. Why has number theory held such an 
irresistible appeal for the leading mathematicians and for thousands of amateurs? 
One answer lies in the basic nature of its problems. Although many questions in the 
field are extremely hard to decide, they can be formulated in terms simple enough 
to arouse the interest and curiosity of those with little mathematical training. Some 
of the simplest sounding questions have withstood intellectual assaults for ages and 
remain among the most elusive unsolved problems in the whole of mathematics. 

It therefore comes as something of a surprise to find that many students look 
upon number theory with good-humored indulgence, regarding it as a frippery on 
the edge of mathematics. This no doubt stems from the widely held view that it 
is the purest branch of pure mathematics and from the attendant suspicion that it 
can have few substantive applications to real-world problems. Some of the worst 
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offenders, when it comes to celebrating the uselessness of their subject, have been 
number theorists themselves. G. H. Hardy, the best known figure of 20th century 
British mathematics, once wrote, “Both Gauss and lesser mathematicians may be 
justified in rejoicing that there is one science at any rate, and that their own, whose 
very remoteness from ordinary human activities should keep it clean and gentle.” 
The prominent role that this “clean and gentle” science played in the public-key 
cryptosystems (Section 10.1) may serve as something of a reply to Hardy. Leaving 
practical applications aside, the importance of number theory derives from its central 
position in mathematics; its concepts and problems have been instrumental in the 
creation of large parts of mathematics. Few branches of the discipline have absolutely 
no connection with the theory of numbers. 

The past few years have seen a dramatic shift in focus in the undergraduate 
curriculum away from the more abstract areas of mathematics and toward applied 
and computational mathematics. With the increasing latitude in course choices, one 
commonly encounters the mathematics major who knows little or no number theory. 
This is especially unfortunate, because the elementary theory of numbers should 
be one of the very best subjects for early mathematical instruction. It requires no 
long preliminary training, the content is tangible and familiar, and—more than in any 
other part of mathematics—the methods of inquiry adhere to the scientific approach. 
The student working in the field must rely to a large extent upon trial and error, in 
combination with his own curiosity, intuition, and ingenuity; nowhere else in the 
mathematical disciplines is rigorous proof so often preceded by patient, plodding 
experiment. If the going occasionally becomes slow and difficult, one can take 
comfort in that nearly every noted mathematician of the past has traveled the same 
arduous road. 

There is a dictum that anyone who desires to get at the root of a subject should 
first study its history. Endorsing this, we have taken pains to fit the material into the 
larger historical frame. In addition to enlivening the theoretical side of the text, the 
historical remarks woven into the presentation bring out the point that number theory 
is not a dead art, but a living one fed by the efforts of many practitioners. They reveal 
that the discipline developed bit by bit, with the work of each individual contributor 
built upon the research of many others; often centuries of endeavor were required 
before significant steps were made. A student who is aware of how people of genius 
stumbled and groped their way through the creative process to arrive piecemeal at 
their results is less likely to be discouraged by his or her own fumblings with the 
homework problems. 

A word about the problems. Most sections close with a substantial number of 
them ranging in difficulty from the purely mechanical to challenging theoretical 
questions. These are an integral part of the book and require the reader’s active 
participation, for nobody can learn number theory without solving problems. The 
computational exercises develop basic techniques and test understanding of con- 
cepts, whereas those of a theoretical nature give practice in constructing proofs. 
Besides conveying additional information about the material covered earlier, the 
problems introduce a variety of ideas not treated in the body of the text. We have on 
the whole resisted the temptation to use the problems to introduce results that will 
be needed thereafter. As a consequence, the reader need not work all the exercises 
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in order to digest the rest of the book. Problems whose solutions do not appear 
straightforward are frequently accompanied by hints. 

The text was written with the mathematics major in mind; it is equally valuable 
for education or computer science majors minoring in mathematics. Very little is 
demanded in the way of specific prerequisites. A significant portion of the book can be 
profitably read by anyone who has taken the equivalent of a first-year college course 
in mathematics. Those who have had additional courses will generally be better 
prepared, if only because of their enhanced mathematical maturity. In particular, a 
knowledge of the concepts of abstract algebra is not assumed. When the book is 
used by students who have had an exposure to such matter, much of the first four 
chapters can be omitted. 

Our treatment is structured for use in a wide range of number theory courses, of 
varying length and content. Even acursory glance at the table of contents makes plain 
that there is more material than can be conveniently presented in an introductory 
one-semester course, perhaps even enough for a full-year course. This provides 
flexibility with regard to the audience, and allows topics to be selected in accordance 
with personal taste. Experience has taught us that a semester-length course having 
the Quadratic Reciprocity Law as a goal can be built up from Chapters 1 through 
9. It is unlikely that every section in these chapters need be covered; some or all of 
Sections 5.4, 6.2, 6.3, 6.4, 7.4, 8.3, 8.4, and 9.4 can be omitted from the program 
without destroying the continuity in our development. The text is also suited to 
serve a quarter-term course or a six-week summer session. For such shorter courses, 
segments of further chapters can be chosen after completing Chapter 4 to construct 
a rewarding account of number theory. 

Chapters 10 through 16 are almost entirely independent of one another and so 
may be taken up or omitted as the instructor wishes. (Probably most users will want 
to continue with parts of Chapter 10, while Chapter 14 on Fibonacci numbers seems 
to be a frequent choice.) These latter chapters furnish the opportunity for additional 
reading in the subject, as well as being available for student presentations, seminars, 
or extra-credit projects. 

Number theory is by nature a discipline that demands a high standard of rigor. 
Thus our presentation necessarily has its formal aspect, with care taken to present 
clear and detailed arguments. An understanding of the statement of a theorem, not 
the proof, is the important issue. But a little perseverance with the demonstration 
will reap a generous harvest, for our hope is to cultivate the reader’s ability to follow 
a causal chain of facts, to strengthen intuition with logic. Regrettably, it is all too 
easy for some students to become discouraged by what may be their first intensive 
experience in reading and constructing proofs. An instructor might ease the way 
by approaching the beginnings of the book at a more leisurely pace, as well as 
restraining the urge to attempt all the interesting problems. 


NEW TO THIS EDITION 


Readers familiar with the previous edition will find that this one has the same general 
organization and content. Nevertheless, the preparation of this sixth edition has 
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provided the opportunity for making a number of small improvements, and several 
more significant ones. 

The advent and general accessibility of fast computers has had a profound effect 
on almost all aspects of number theory. This influence has been particularly felt in 
the areas of primality testing, integers factorization, and cryptographic applications. 
Consequently, the exposition on cryptosystems has been considerably expanded 
and now appears as Chapters 10, Introduction to Cryptography. Section 10.3, An 
Application of Primitive Roots to Crytography, introduces the recently developed 
ElGamal cryptosystem; the security of this encryption scheme relies on primitive 
roots of large prime numbers. Another addition with an applied flavor is the inclusion 
of the continued fraction factoring algorithm in Section 16.2. (An understanding of 
the procedure does not require a detailed reading of Chapter 15.) The expanded 
Section 16.2 now treats three techniques currently used in factoring large composite 
numbers: Pollard’s rho-method, the continued fraction algorithm, and the quadratic 
sieve. An instructor who wishes to include computational number theory should find 
these optional topics particularly appealing. 

There are others less-pronounced, but equally noteworthy, changes in the text. 
Chapter 14, in which Fibonacci numbers are discussed, has undergone a modest 
enlargement and reorganization, with Fibonacci’s biography now featured as Section 
14.1. The resolution of certain challenging conjectures—especially the confirmation 
of the Catalan Conjecture and that of the composite nature of the monstrous Fermat 
number F3;—likewise receives our attention. These striking achievements affirm 
once again the vitality of number theory as an area of research mathematics. 

Beyond these specific modifications are a number of relatively minor enhance- 
ments: several more problems have been added, reference and suggested readings 
brought up to date, and certain numerical information kept current in light of the 
latest findings. An attempt has been made to correct any minor errors that crept into 
the previous edition. 
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PRELIMINARIES 


Number was born in superstition and reared in mystery, ... numbers were once 
made the foundation of religion and philosophy, and the tricks of figures 

have had a marvellous effect on a credulous people. 

F. W. PARKER 


1.1 MATHEMATICAL INDUCTION 


The theory of numbers is concerned, at least in its elementary aspects, with properties 
of the integers and more particularly with the positive integers 1, 2, 3,... (also 
known as the natural numbers). The origin of this misnomer harks back to the 
early Greeks for whom the word number meant positive integer, and nothing else. 
The natural numbers have been known to us for so long that the mathematician 
Leopold Kronecker once remarked, “God created the natural numbers, and all the 
rest is the work of man.” Far from being a gift from Heaven, number theory has 
had a long and sometimes painful evolution, a story that is told in the ensuing 
pages. 

We shall make no attempt to construct the integers axiomatically, assuming 
instead that they are already given and that any reader of this book is familiar with 
many elementary facts about them. Among these is the Well-Ordering Principle, 
stated here to refresh the memory. 


Well-Ordering Principle. Every nonempty set S of nonnegative integers contains a 
least element; that is, there is some integer a in S such that a < b for all b’s belonging 
to S. 
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Because this principle plays a critical role in the proofs here and in subsequent 
chapters, let us use it to show that the set of positive integers has what is known as 
the Archimedean property. 


Theorem 1.1 Archimedean property. If a and b are any positive integers, then 
there exists a positive integer n such that na > b. 


Proof. Assume that the statement of the theorem is not true, so that for some a and b, 
na < b for every positive integer n. Then the set 


S = {b — na | n a positive integer} 


consists entirely of positive integers. By the Well-Ordering Principle, S will possess a 
least element, say, b — ma. Notice that b — (m + 1)a also lies in S, because S contains 
all integers of this form. Furthermore, we have 


b—(m+l)a =(b—ma)—a<b-—ma 


contrary to the choice of b — ma as the smallest integer in S. This contradiction arose 
out of our original assumption that the Archimedean property did not hold; hence, this 
property is proven true. 


With the Well-Ordering Principle available, it is an easy matter to derive the First 
Principle of Finite Induction, which provides a basis for a method of proof called 
mathematical induction. Loosely speaking, the First Principle of Finite Induction 
asserts that if a set of positive integers has two specific properties, then it is the set 
of all positive integers. To be less cryptic, we state this principle in Theorem 1.2. 


Theorem 1.2 First Principle of Finite Induction. Let S be a set of positive integers 
with the following properties: 


(a) The integer 1 belongs to S. 
(b) Whenever the integer k is in S, the next integer k + 1 must also be in S. 


Then S is the set of all positive integers. 


Proof. Let T be the set of all positive integers not in S$, and assume that 7 is nonempty. 
The Well-Ordering Principle tells us that T possesses a least element, which we denote 
by a. Because 1 is in S, certainly a > 1, andso0 < a — 1 <a. The choice of a as the 
smallest positive integer in T implies that a — 1 is not a member of T, or equivalently 
that a — 1 belongs to S. By hypothesis, S must also contain (a — 1) + 1 =a, which 
contradicts the fact that a lies in T. We conclude that the set 7 is empty and in 
consequence that S contains all the positive integers. 


Here is a typical formula that can be established by mathematical induction: 


n(2n + = +1) as 


forn = 1,2,3,.... In anticipation of using Theorem 1.2, let S denote the set of 
all positive integers n for which Eq. (1) is true. We observe that when n = 1, the 


a, an: ae ee 
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formula becomes 
_ 12+ 1)14+1) _ 
— —— — 


This means that 1 is in S. Next, assume that k belongs to S (where k is a fixed but 
unspecified integer) so that 


1? 1 


— k(2k + Yk + 1) 
——— 


To obtain the sum of the first k + 1 squares, we merely add the next one, (k + 1)’, 
to both sides of Eq. (2). This gives 


[Po eee (2) 


k(2k + 1)(k + 1) 
6 


7427 4---+h +(k+1¥ = + (k +1)° 


After some algebraic manipulation, the right-hand side becomes 


2 
(oa) poe =«+0[7 tm HS) 
 (k +:1)(2k + 3)(k + 2) 

7 6 


which is precisely the right-hand member of Eq. (1) whenn = k + 1. Our reasoning 
shows that the set S contains the integer k + 1 whenever it contains the integer k. 
By Theorem 1.2, S must be all the positive integers; that is, the given formula is true 
forn = 1, 2,3,.... 

Although mathematical induction provides a standard technique for attempting 
to prove a statement about the positive integers, one disadvantage is that it gives no 
aid in formulating such statements. Of course, if we can make an “educated guess” 
at a property that we believe might hold in general, then its validity can often be 
tested by the induction principle. Consider, for instance, the list of equalities 


= | 
L+2=3 
14+24+24=7 


14242742? =15 
14+2+27+2342*=31 
bel) 2 a 63 
We seek a rule that gives the integers on the right-hand side. After a little reflection, 
the reader might notice that 
1=2-1 3S 2-21. Feel 
Is=24*-1 31=2-1 63=2°-1 


(How one arrives at this observation is hard to say, but experience helps.) The pattern 
emerging from these few cases suggests a formula for obtaining the value of the 
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expression 1 + 2+ 2742? +.--+2"7|; namely, 
1424+274+274..-427'=7"-1 (3) 


for every positive integer n. 

To confirm that our guess is correct, let S be the set of positive integers n for 
which Eq. (3) holds. For n = 1, Eq. (3) is certainly true, whence 1 belongs to the set 
S. We assume that Eq. (3) is true for a fixed integer k, so that for this k 
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and we attempt to prove the validity of the formula for k + 1. Addition of the term 
2* to both sides of the last-written equation leads to 


[es 9 eee eee a 
=2-2*-1=2*t'-1 


But this says that Eq. (3) holds when n = k + 1, putting the integer k + 1 in S so 
that k + 1 is in S whenever k is in S. According to the induction principle, S must 
be the set of all positive integers. 


Remark. When giving induction proofs, we shall usually shorten the argument by 
eliminating all reference to the set S, and proceed to show simply that the result in 
question is true for the integer 1, and if true for the integer k is then also true for k + 1. 


We should inject a word of caution at this point, to wit, that one must be careful 
to establish both conditions of Theorem 1.2 before drawing any conclusions; neither 
is sufficient alone. The proof of condition (a) is usually called the basis for the 
induction, and the proof of (b) is called the induction step. The assumptions made in 
Carrying out the induction step are known as the induction hypotheses. The induction 
situation has been likened to an infinite row of dominoes all standing on edge and 
arranged in such a way that when one falls it knocks down the next in line. If either 
no domino is pushed over (that is, there is no basis for the induction) or if the spacing 
is too large (that is, the induction step fails), then the complete line will not fall. 

The validity of the induction step does not necessarily depend on the truth of 
the statement that one is endeavoring to prove. Let us look at the false formula 


14+34+5+---+(2n-1) =n’ 43 (A) 
Assume that this holds for n = k; in other words, 
143454+---+(2k-1l =k? +3 
Knowing this, we then obtain 
14+3+54+---+(2k—-1)+ (2k +1) =k? +342k4+1 
=(k+1)%+3 


which is precisely the form that Eq. (4) should take when n =k + 1. Thus, if 
Eq. (4) holds for a given integer, then it also holds for the succeeding integer. It 
is not possible, however, to find a value of n for which the formula is true. 
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There is a variant of the induction principle that is often used when Theorem 1.2 
alone seems ineffective. As with the first version, this Second Principle of Finite In- 
duction gives two conditions that guarantee a certain set of positive integers actually 
consists of all positive integers. This is what happens: We retain requirement (a), but 
(b) is replaced by 


(b’) Ifk is a positive integer such that 1, 2,..., k belong to S, then k + 1 must also 
bein S. 


The proof that S consists of all positive integers has the same flavor as that of 
Theorem 1.2. Again, let 7 represent the set of positive integers not in S. Assuming 
that T is nonempty, we choose n to be the smallest integer in 7. Then n > 1, 
by supposition (a). The minimal nature of 1 allows us to conclude that none of the 
integers 1, 2,..., — 1 liesin 7, or, if we prefer a positive assertion, 1,2,...,n — 1 
all belong to S. Property (b’) then puts n = (n — 1) + 1 in S, which is an obvious 
contradiction. The result of all this is to make T empty. 

The First Principle of Finite Induction is used more often than is the Second; 
however, there are occasions when the Second is favored and the reader should be 
familiar with both versions. It sometimes happens that in attempting to show that 
k + 11s amember of S, we require proof of the fact that not only k, but all positive 
integers that precede k, lie in S. Our formulation of these induction principles has 
been for the case in which the induction begins with 1. Each form can be generalized 
to start with any positive integer ng. In this circumstance, the conclusion reads as 
“Then S§ is the set of all positive integers n > no.” 

Mathematical induction is often used as a method of definition as well as a 
method of proof. For example, a common way of introducing the symbol n! (pro- 
nounced “‘n factorial’’) is by means of the inductive definition 


(a) 1! = 1, 
(b) n!=n-(n—1)! forn > 1. 
This pair of conditions provides a rule whereby the meaning of n! is specified for 
each positive integer n. Thus, by (a), 1! = 1; (a) and (b) yield 
22 IS 1 
while by (b), again, 
gS 32S 33221 


Continuing in this manner, using condition (b) repeatedly, the numbers 1!, 2!,3!,..., 
n! are defined in succession up to any chosen n. In fact, 


ni=n-(n—1)---3-2-1] 


Induction enters in showing that 1!, as a function on the positive integers, exists and 
is unique; however, we shall make no attempt to give the argument. 

It will be convenient to extend the definition of n! to the case in which n = 0 
by stipulating that O! = 1. 
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Example 1.1. To illustrate a proof that requires the Second Principle of Finite Induc- 
tion, consider the so-called Lucas sequence: 


1,3,4, 7, 11, 18, 29, 47, 76,... 


Except for the first two terms, each term of this sequence is the sum of the preceding 
two, so that the sequence may be defined inductively by 


— ] 
az = 3 
An = An—1 + An-2 for alln > 3 


We contend that the inequality 
An < (7/4)" 


holds for every positive integer n. The argument used is interesting because in the 
inductive step, it is necessary to know the truth of this inequality for two successive 
values of n to establish its truth for the following value. 

First of all, form = 1 and 2, we have 


aj=1<(7/4'=7/4 and a =3 < (7/4) = 49/16 


whence the inequality in question holds in these two cases. This provides a basis for 
the induction. For the induction step, choose an integer k > 3 and assume that the 
inequality is valid forn = 1, 2,...,k — 1. Then, in particular, 


aeq2/4e and ace =) 
By the way in which the Lucas sequence is formed, it follows that 


Ap = Ap) + Apr < (7/4)! + 7/4)" ? 
= (7/4)*-*(7/4+ 1) 
= (7/4)*-*(11/4) 
< (7/4)*7(7/4)* = (7/4) 


Because the inequality is true for n = k whenever it is true for the integers 1, 2, . 
k — 1, we conclude by the second induction principle that a, < (7/4)" for alln > 1. 


Among other things, this example suggests that if objects are defined inductively, 
then mathematical induction is an important tool for establishing the properties of 
these objects. 


PROBLEMS 1.1 


1. Establish the formulas below by mathematical induction: 


1 
(a) L+24+34--tn=*? foran> 1, 


(bt) 1+34+5+---+(2n —1) =n’ foralln > 1. 
1 D 
(c) [-242-343-44-4tn(nt 1) = TOT for altn 2 1. 


10. 


11. 
12. 
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— n(2n — 1)(2n + 1) 


(dy 17437 457 eee Qn = [77 for alln > 1. 


n(n + 1) 


2 
for alln > 1. 
2 


(e) P+P4P +--+ =| 


. Ifr ~ 1, show that for any positive integer n, 


a(r”t! = 1) 


atar+ar?+---+ar" = 1 
r-— 


. Use the Second Principle of Finite Induction to establish that for all n > 1, 


G=aTeGHa=ha te aa Siete) 
[Hint: a"! —1 = (a + 1)(a” — 1) —a(a"™™! - 1).] 


. Prove that the cube of any integer can be written as the difference of two squares. [Hint: 


Notice that 


WS 42 ea a ee ee 1) 


. (a) Find the values of n < 7 for which n! + 1 is a perfect square (it is unknown whether 


n! + 1 is a square for any n > 7). 
(b) True or false? For positive integers m and n, (mn)! = m!n! and(m +n)! =m!-+n!. 


. Prove that n! > n? for every integer n > 4, whereas n! > n° for every integer n > 6. 
. Use mathematical induction to derive the following formula for all n > 1: 


11!) + 222!) + 33!) +---+n(n!l)=(n+1)!-1 


. (a) Verify that for alln > 1, 


2n)! 
2-6-10-14.-.-... Anwiayese? 


n! 


(b) Use part (a) to obtain the inequality 2”(n!)* < (2n)! for alln > 1. 


. Establish the Bernoulli inequality: If 1 + a > 0, then 


(l+a)" >1+na 


for alln > 1. 

For all n > 1, prove the following by mathematical induction: 
1 ] 1 1 
— —— — heat ee 

oe Cae haa ae 
1 2 3 n n+2 

Oe ee ot ae 


Show that the expression (2n)!/2"n! is an integer for all n > 0. 
Consider the function defined by 


3n+ 1] 


for n odd 
T(n) = 

~ fe en 

5 Or 7 ev 
The 3n + 1 conjecture is the claim that starting from any integer n > 1, the sequence 
of iterates T(n), T(T(n)), T(T(T(n))), ..., eventually reaches the integer 1 and subse- 
quently runs through the values 1 and 2. This has been verified for alln < 10!©, Confirm 
the conjecture in the cases n = 21 andn = 23. 
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13. Suppose that the numbers a, are defined inductively by a; = 1, az = 2,a3 = 3, and 
An = An—| + An—2 + An—3 for all n > 4. Use the Second Principle of Finite Induction to 
show that a, < 2” for every positive integer n. 

14. If the numbers a, are defined by a; = 11, ag = 21, and a, = 3a,_1 — 2a,_2 forn => 3, 
prove that 


a, =5-2"°4+1 n> 1 


12 THE BINOMIAL THEOREM 


Closely connected with the factorial notation are the binomial coefficients (;,). For 
any positive integer n and any integer k satisfying 0 < k < n, these are defined by 


n = n} 
=a 


By canceling out either k! or (n — k)!, (7) can be written as 
ny Wh l)ee(Ka ly nal) — he I) 
kk) (n —k)! 7 k! 

For example, with n = 8 and k = 3, we have 


g ee ee ee 
3) 315! 5! a) oon 


Also observe that if k = 0 or k = n, the quantity 0! appears on the right-hand side 
of the definition of ( ‘ ); because we have taken 0! as 1, these special values of k give 


()-(2)- 


There are numerous useful identities connecting binomial coefficients. One that we 
require here is Pascal’s rule: 


G)e(eti)a(CE) 1st 


Its proof consists of multiplying the identity 

] Ff 1 _ n+ 1 

ko n-k+1 k—k+1) 
by n!/(k — 1)!(n — k)! to obtain 


n!} n! 
k(k — 1)!(n — k)! bs (k-—1)'(n-—k+1)n—-k)! 
(n+ 1)n! 


~ kk — Din —k + 1(n — b! 
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Falling back on the definition of the factorial function, this says that 
n} n! (n+ 1)! 


RG! copia ke Dl Bal): 
from which Pascal’s rule follows. 
This relation gives rise to a configuration, known as Pascal’s triangle, in which 
the binomial coefficient (7) appears as the (k + 1)th number in the nth row: 


1 1 
| ae | 
Il 3 3 1 
1 4 6 4 #1 
I 5 10 10 5 1 
1 6 15 20 15 6 1 


The rule of formation should be clear. The borders of the triangle are composed of 
1’s; a number not on the border is the sum of the two numbers nearest it in the row 
immediately above. 

The so-called binomial theoremis in reality a formula for the complete expansion 
of (a + b)", n > 1, into a sum of powers of a and b. This expression appears with 
great frequency in all phases of number theory, and it is well worth our time to look 
at it now. By direct multiplication, it is easy to verify that 

(at+b)'=a+b 
(a+b) =a*4+2ab4+ Ph? 
(a+b) =a? + 3a7b + 3ab* + b? 
(a + b)* = a* + 4a7b 4+ 6a7b* + 4ab? + b*, etc. 
The question is how to predict the coefficients. A clue lies in the observation that 


the coefficients of these first few expansions form the successive rows of Pascal’s 
triangle. This leads us to suspect that the general binomial expansion takes the form 


(a +b)" _ (5) a" A (7) arto (5 ) are" 


n n—| n n 
tet ("Jab +(")e 
or, written more compactly, 


ator = yo (p) arte 


k=0 


Mathematical induction provides the best means for confirming this guess. When 
n = 1, the conjectured formula reduces to 


1 
(a +b)! tS oes = (218+ (|) ate =a+b 


k=0 
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which is certainly correct. Assuming that the formula holds for some fixed integer 
m, we go on to show that it also must hold for m + 1. The starting point is to notice 
that 


(a+b)y"™*! =a(a+b)"+b(a+b)" 
Under the induction hypothesis, 


a(a aE by” = > i qi —k+1 pk 


k=0 
_ m+ “\ (m m+1—k pk 
=a + (Z)e b 


and 


J= 


wa +o" => (" arial 
= = m m+1—k yk m+1 
= (i )¢ b* +b 


Upon adding these expressions, we obtain 


(a ee 7) did = qgnt! + Ss le ge *] gmt l—k pk 4 prt 


f=1 
m+1 
= > wr ') ginti-kpk 
k=0 


which is the formula in the case n = m + 1. This establishes the binomial theorem 
by induction. 

Before abandoning these ideas, we might remark that the first acceptable for- 
mulation of the method of mathematical induction appears in the treatise Traité du 
Triangle Arithmetiqué, by the 17th century French mathematician and philosopher 
Blaise Pascal. This short work was written in 1653, but not printed until 1665 be- 
cause Pascal had withdrawn from mathematics (at the age of 25) to dedicate his 
talents to religion. His careful analysis of the properties of the binomial coefficients 
helped lay the foundations of probability theory. 


PROBLEMS 1.2 


1. (a) Derive Newton’s identity 


PRELIMINARIES 
(b) Use part (a) to express (,) in terms of its predecessor: 
(i )="FH (i) eee 
. If 2<k <n —2, show that 
(i) = (622) +2i) +(e?) 


. Forn > 1, derive each of the identities below: 


@ (5)+(T)+(b) et (2) a2 


[Hint: Let a = b = 1 in the binomial theorem. ] 


w (3)-(1)+(3)---+er(") =0 
(c) “4 +2(5) +3(5) ttn (7) = n2"-, 


11 


[Hint: After expanding n(1 + b)"~! by the binomial theorem, let b = 1; note also 


that 


n("7')=a+0(,44)3 


n 1 /n lf/n (-I" (n\ 1 
of) a0)ra0) +S) eh 


[Hint: The left-hand side equals 


aal(8)- CE) +(CE) rer C2) 


. Prove the following for n > 1: 
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Pythagoras divided those who attended his lectures into two groups: the Pro- 
bationers (or listeners) and the Pythagoreans. After three years in the first class, a 
listener could be initiated into the second class, to whom were confided the main 
discoveries of the school. The Pythagoreans were a closely knit brotherhood, hold- 
ing all worldly goods in common and bound by an oath not to reveal the founder’s 
secrets. Legend has it that a talkative Pythagorean was drowned in a shipwreck as 
the gods’ punishment for publicly boasting that he had added the dodecahedron to 
the number of regular solids enumerated by Pythagoras. For a time, the autocratic 
Pythagoreans succeeded in dominating the local government in Croton, but a pop- 
ular revolt in 501 B.c. led to the murder of many of its prominent members, and 
Pythagoras himself was killed shortly thereafter. Although the political influence of 
the Pythagoreans thus was destroyed, they continued to exist for at least two centuries 
more as a philosophical and mathematical society. To the end, they remained a secret 
order, publishing nothing and, with noble self-denial, ascribing all their discoveries 
to the Master. 

The Pythagoreans believed that the key to an explanation of the universe lay in 
number and form, their general thesis being that “Everything is Number.” (By num- 
ber, they meant, of course, a positive integer.) For a rational understanding of nature, 
they considered it sufficient to analyze the properties of certain numbers. Pythagoras 
himself, we are told “seems to have attached supreme importance to the study of 
arithmetic, which he advanced and took out of the realm of commercial utility.” 

The Pythagorean doctrine is a curious mixture of cosmic philosophy and number 
mysticism, a sort of supernumerology that assigned to everything material or spiritual 
a definite integer. Among their writings, we find that 1 represented reason, for reason 
could produce only one consistent body of truth; 2 stood for man and 3 for woman; 
4 was the Pythagorean symbol for justice, being the first number that is the product 
of equals; 5 was identified with marriage, because it is formed by the union of 2 and 
3; and so forth. All the even numbers, after the first one, were capable of separation 
into other numbers; hence, they were prolific and were considered as feminine and 
earthy—and somewhat less highly regarded in general. Being a predominantly male 
society, the Pythagoreans classified the odd numbers, after the first two, as masculine 
and divine. 

Although these speculations about numbers as models of “things” appear friv- 
olous today, it must be borne in mind that the intellectuals of the classical Greek 
period were largely absorbed in philosophy and that these same men, because they 
had such intellectual interests, were the very ones who were engaged in laying the 
foundations for mathematics as a system of thought. To Pythagoras and his followers, 
mathematics was largely a means to an end, the end being philosophy. Only with 
the founding of the School of Alexandria do we enter a new phase in which the 
cultivation of mathematics was pursued for its own sake. 

It was at Alexandria, not Athens, that a science of numbers divorced from mystic 
philosophy first began to develop. For nearly a thousand years, until its destruction 
by the Arabs in 641 A.D., Alexandria stood at the cultural and commercial center of 
the Hellenistic world. (After the fall of Alexandria, most of its scholars migrated to 
Constantinople. During the next 800 years, while formal learning in the West all but 
disappeared, this enclave at Constantinople preserved for us the mathematical works 
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of the various Greek schools.) The so-called Alexandrian Museum, a forerunner of 
the modern university, brought together the leading poets and scholars of the day; 
adjacent to it there was established an enormous library, reputed to hold over 700,000 
volumes—hand-copied—at its height. Of all the distinguished names connected with 
the Museum, that of Euclid (fl. c.300 B.c.), founder of the School of Mathematics, 
is in a special class. Posterity has come to know him as the author of the Elements, 
the oldest Greek treatise on mathematics to reach us in its entirety. The Elements 
is a compilation of much of the mathematical knowledge available at that time, 
organized into 13 parts or Books, as they are called. The name of Euclid is so often 
associated with geometry that one tends to forget that three of the Books, VII, VIII, 
and IX, are devoted to number theory. 

Euclid’s Elements constitutes one of the great success stories of world literature. 
Scarcely any other book save the Bible has been more widely circulated or stud- 
ied. Over a thousand editions of it have appeared since the first printed version in 
1482, and before its printing, manuscript copies dominated much of the teaching of 
mathematics in Western Europe. Unfortunately, no copy of the work has been found 
that actually dates from Euclid’s own time; the modern editions are descendants of 
a revision prepared by Theon of Alexandria, a commentator of the 4th century A.D. 


PROBLEMS 2.1 
1. Each of the numbers 


1=1,3=14+2,6=14+24+3,10=14+2+3+44,... 


represents the number of dots that can be arranged evenly in an equilateral triangle: 


This led the ancient Greeks to call a number triangular if it is the sum of consecutive 

integers, beginning with 1. Prove the following facts concerning triangular numbers: 

(a) A number is triangular if and only if it is of the form n(n + 1)/2 for some n > 1. 
(Pythagoras, circa 550 B.C.) 

(b) The integer 7 is a triangular number if and only if 8n + 1 is a perfect square. (Plutarch, 
circa 100 A.D.) 

(c) The sum of any two consecutive triangular numbers is a perfect square. (Nicomachus, 
circa 100 A.D.) 

(d) Ifn is a triangular number, then so are 9n + 1, 25n + 3, and 49n + 6. (Euler, 1775) 

2. If t, denotes the nth triangular number, prove that in terms of the binomial coefficients, 


m= ("3') n> 1 


3. Derive the following formula for the sum of triangular numbers, attributed to the Hindu 
mathematician Aryabhata (circa 500 A_D.): 


l 2 
hththt the tO n> 1 


[Hint: Group the terms on the left-hand side in pairs, noting the identity %_; + = k?.] 
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(a) For n > 2, prove that 


)+()e()oe()=(89 


[Hint: Use induction, and Pascal’s rule.] 
(b) From part (a), and the relation m* = 2(') ) + m for m > 2, deduce the formula 


1)(2 1 
PEP EF pe pnt ETD 


(c) Apply the formula in part (a) to obtain a proof that 
n(n + 1)(n + 2) 


1-24+2-3+---+n(nt+)D= 3 


[Hint: Observe that (m — 1)m = 2(75 ).] 


. Derive the binomial identity 


2 A 6 2n n(n + 1)(4n — 1) 
G)+()+@)ror(Z)- Ss 


[Hint: For m > 2, (7"") =2(%) + m?.] 


. Forn > 1, verify that 


Pa 4h te np (F1) 


. Show that, forn > 1, 


(*") 7 1-3-5-+-Qn—1) 0 
me es 


n 


. Establish the inequality 2” < @) < 27" forn > 1. 


[Hint: Put x = 2-4-6---(Qn), y=1-3-5---(Qn—1), and z=1-2-3---n; show 
that x > y > z, hence x* > xy > xz.] 
The Catalan numbers, defined by 


1 2n)! 
i US wees 
n+1\n ni(n + 1)! 


form the sequence 1, 1, 2,5, 14, 42, 132, 429, 1430, 4862, .... They first appeared in 
1838 when Eugéne Catalan (1814-1894) showed that there are C,, ways of parenthesizing 
a nonassociative product of n + 1 factors. [For instance, when n = 3 there are five ways: 
((ab)c)d, (a(bc))d, a((bc)d), a(b(cd)), (ab)(ac).] For n > 1, prove that C, can be given 
inductively by 


_ 2Q2n —1) 


i ie! C24 
n+1 


CHAPTER 


2 


DIVISIBILITY THEORY IN THE INTEGERS 


Integral numbers are the fountainhead of all mathematics. 
H. MINKowskKI 


2.1 EARLY NUMBER THEORY 


Before becoming weighted down with detail, we should say a few words about 
the origin of number theory. The theory of numbers is one of the oldest branches 
of mathematics; an enthusiast, by stretching a point here and there, could extend 
its roots back to a surprisingly remote date. Although it seems probable that the 
Greeks were largely indebted to the Babylonians and ancient Egyptians for a core 
of information about the properties of the natural numbers, the first rudiments of an 
actual theory are generally credited to Pythagoras and his disciples. 

Our knowledge of the life of Pythagoras is scanty, and little can be said with any 
certainty. According to the best estimates, he was born between 580 and 562 B.c. on 
the Aegean island of Samos. It seems that he studied not only in Egypt, but may even 
have extended his journeys as far east as Babylonia. When Pythagoras reappeared 
after years of wandering, he sought out a favorable place for a school and finally 
settled upon Croton, a prosperous Greek settlement on the heel of the Italian boot. 
The school concentrated on four mathemata, or subjects of study: arithmetica (arith- 
metic, in the sense of number theory, rather than the art of calculating), harmonia 
(music), geometria (geometry), and astrologia (astronomy). This fourfold division 
of knowledge became known in the Middle Ages as the guadrivium, to which was 
added the trivium of logic, grammar, and rhetoric. These seven liberal arts came to 
be looked upon as the necessary course of study for an educated person. 
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. Prove that the square of any odd multiple of 3 is the difference of two triangular numbers; 


specifically, that 


9(2n + 1)? = ton44 — bandit 


. In the sequence of triangular numbers, find the following: 


(a) Two triangular numbers whose sum and difference are also triangular numbers. 
(b) Three successive triangular numbers whose product is a perfect square. 
(c) Three successive triangular numbers whose sum is a perfect square. 


. (a) If the triangular number f¢, is a perfect square, prove that t4yn41) 18 also a square. 


(b) Use part (a) to find three examples of squares that are also triangular numbers. 


. Show that the difference between the squares of two consecutive triangular numbers is 


always a cube. 


. Prove that the sum of the reciprocals of the first n triangular numbers is less than 2; that 


iS, 


[Hint: Observe that [5 = 25 — aqq)] 


. (a) Establish the identity t, = t, + t,, where 


> 
ee 


n(n + 3) 
2 Means “Get = g 
and n > 1, thereby proving that there are infinitely many triangular numbers that are 
the sum of two other such numbers. 
(b) Find three examples of triangular numbers that are sums of two other triangular 
numbers. 
Each of the numbers 


135=14+4,12=14+447,22=14+4+4+7+410,... 


represents the number of dots that can be arranged evenly in a pentagon: 


6 


The ancient Greeks called these pentagonal numbers. If p, denotes the nth pentagonal 
number, where p; = 1 and p, = Pp-; + (32 — 2) for n > 2, prove that 


ps nei 
Z 

For n > 2, verify the following relations between the pentagonal, square, and triangular 

numbers: 

(a) Pn = tn-1 + n? 

(b) Pr = Shh = 2h eh, 
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2.2 THE DIVISION ALGORITHM 


We have been exposed to relationships between integers for several pages and, as 
yet, not a single divisibility property has been derived. It is time to remedy this 
situation. One theorem, the Division Algorithm, acts as the foundation stone upon 
which our whole development rests. The result is familiar to most of us; roughly, it 
asserts that an integer a can be “divided” by a positive integer b in such a way that 
the remainder is smaller than is b. The exact statement of this fact is Theorem 2.1. 


Theorem 2.1 Division Algorithm. Given integers a and b, with b > 0, there exist 
unique integers g and r satisfying 


a=qb+r O<r<b 
The integers g andr are called, respectively, the quotient and remainder in the division 
of a by b. 
Proof. We begin by proving that the set 
S = {a — xb|x an integer; a — xb > 0} 


is nonempty. To do this, it suffices to exhibit a value of x making a — xb nonnegative. 
Because the integer b > 1, we have |a|b > |a|, and so 


a—(-—|a|)b=a+|la|b>a+la|>0 


For the choice x = —|a|, then, a — xb lies in S. This paves the way for an application 
of the Well-Ordering Principle (Chapter 1), from which we infer that the set S contains 
a smallest integer; call it. By the definition of S, there exists an integer g satisfying 


r=a-—qb O<r 
We argue that r < b. If this were not the case, then r > b and 
a—(q+1)b=(a-—qb)—b=r—-b=0 


The implication is that the integer a — (¢ + 1)b has the proper form to belong to the 
set S$. Buta —(q + 1)b =r —b <r, leading to a contradiction of the choice of r as 
the smallest member of S. Hence, r < b. 

Next we turn to the task of showing the uniqueness of g andr. Suppose that a has 
two representations of the desired form, say, 


a=qb+r=qb+r' 


where 0 <r < b,0 <r’ <b. Thenr’ —r = b(g — q’) and, owing to the fact that the 
absolute value of a product is equal to the product of the absolute values, 


lr’ —rl|=blq-q'| 


Upon adding the two inequalities —b <—r<0O and O0<r’ <b, we obtain 
—b <r’ —r <b or, in equivalent terms, |r’ —r| < b. Thus, b| gq — q’| < b, which 
yields 

Of |g=—¢ <1 


Because | q — q’ | is a nonnegative integer, the only possibility is that |g — q’| = 0, 
whence gq = q’; this, in turn, gives r = r’, ending the proof. 
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A more general version of the Division Algorithm is obtained on replacing the 
restriction that b must be positive by the simple requirement that b $ 0. 


Corollary. If a and b are integers, with b + 0, then there exist unique integers g and 
r such that 
a=qb+r O<r<|b| 
Proof. It is enough to consider the case in which D is negative. Then |b| > 0, and 
Theorem 2.1 produces unique integers qg’ and r for which 
a=q|b|+r O<r<|b| 
Noting that | b| = —b, wemaytakeg = —q’ toarriveata = gb +r,withO <r <|b|. 


To illustrate the Division Algorithm when b < 0, let us take b = —7. Then, for 
the choices of a = 1, —2, 61, and —59, we obtain the expressions 


1=0(-7)+1 
29745 

61 = (—8)(—7) +5 
—59 = 9(-7) +4 


We wish to focus our attention on the applications of the Division Algorithm, 
and not so much on the algorithm itself. As a first illustration, note that with b = 2 
the possible remainders are r = 0 andr = 1. Whenr = 0, the integer a has the form 
a = 2g and is called even; whenr = 1, the integer a has the form a = 2g + 1 and is 
called odd. Now a? is either of the form (2g)? = 4k or (2g + 1)? = 4g? +q¢)+1= 
4k + 1. The point to be made is that the square of an integer leaves the remainder 0 
or 1 upon division by 4. 

We also can show the following: The square of any odd integer is of the form 
8k + 1. For, by the Division Algorithm, any integer is representable as one of the 
four forms: 4g, 4g + 1, 4q¢ + 2, 4q + 3. In this classification, only those integers of 
the forms 4g + 1 and 4g + 3 are odd. When the latter are squared, we find that 


(4g + 1)? = 8(2qg7 +g) +1=8k+4+1 
and similarly 
(4g + 3)? = 8(2g7 +3g +1) +1=8k +1 


As examples, the square of the odd integer 7 is 77 = 49 = 8 - 6 + 1, and the square 
of 13 is 13* = 169 = 88-2141. 

As these remarks indicate, the advantage of the Division Algorithm is that it 
allows us to prove assertions about all the integers by considering only a finite 
number of cases. Let us illustrate this with one final example. 


Example 2.1. We propose to show that the expression a(a” + 2)/3 is an integer for 
all a > 1. According to the Division Algorithm, every a is of the form 3g, 3g + 1, or 
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3q +2. Assume the first of these cases. Then 


a(a? +2 
AAT = 499? +2) 


which clearly is an integer. Similarly, if a = 3g + 1, then 
(3q + 1)((3¢ + 1) +2) 

3 
and a(a* + 2)/3 is an integer in this instance also. Finally, for a = 3g + 2, we obtain 
(3q + 2)((3q + 2) +2) 

3 
an integer once more. Consequently, our result is established in all cases. 


= (3g + 1)(3q +2¢ +1) 


= (3g + 2)(3q7 + 4g + 2) 


PROBLEMS 2.2 


1. 


Ze 
3. 


9. 


10. 
11. 


Prove that if a and b are integers, with b > 0, then there exist unique integers g and r 
satisfying a = qb +r, where 2b <r < 3b. 

Show that any integer of the form 6k + 5 is also of the form 3/7 + 2, but not conversely. 
Use the Division Algorithm to establish the following: 

(a) The square of any integer is either of the form 3k or 3k + 1. 

(b) The cube of any integer has one of the forms: 9k, 9k + 1, or 9k + 8. 

(c) The fourth power of any integer is either of the form 5k or 5k + 1. 


. Prove that 3a” — 1 is never a perfect square. 


[Hint: Problem 3(a).] 


. Forn > 1, prove that n(n + 1)(2n + 1)/6 is an integer. 


[Hint: By the Division Algorithm, n has one of the forms 6k, 6k + 1,..., 6k + 5; estab- 
lish the result in each of these six cases. ] 


. Show that the cube of any integer is of the form 7k or 7k + 1. 
. Obtain the following version of the Division Algorithm: For integers a and b, withb + 0, 


there exist unique integers g and r that satisfy a = gb + r, where —3| b|<r< | b |. 
[Hint: First write a = q'b +r’, where <r’ <|b|.When0 <r’ < 3|b|,letr =r’ and 
q =q'; when 5$|b| <r’ <|b|,letr =r’ —|b| andg=q'+1ifb>0org=q'-1 
ifb <0.] 


. Prove that no integer in the following sequence is a perfect square: 


11,111,1111,11111,... 
[Hint: A typical term 111---111 can be written as 
111---111 =111---108+3 =4k+3.] 


Verify that if an integer is simultaneously a square and a cube (as is the case with 
64 = 8* = 4°), then it must be either of the form 7k or 7k + 1. 

For n > 1, establish that the integer n(7n* + 5) is of the form 6k. 

If n is an odd integer, show that n* + 4n* + 11 is of the form 16k. 


2.3 THE GREATEST COMMON DIVISOR 


Of special significance is the case in which the remainder in the Division Algorithm 
turns out to be zero. Let us look into this situation now. 
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Definition 2.1. An integer D is said to be divisible by an integer a £ 0, in symbols 
a|b, if there exists some integer c such that b = ac. We write a { b to indicate that b 
is not divisible by a. 


Thus, for example, —12 is divisible by 4, because —12 = 4(—3). However, 10 
is not divisible by 3; for there is no integer c that makes the statement 10 = 3c true. 

There is other language for expressing the divisibility relation a |b. We could 
say that a is a divisor of b, that a is a factor of b, or that b is a multiple of a. Notice 
that in Definition 2.1 there is a restriction on the divisor a: Whenever the notation 
a |b is employed, it is understood that a is different from zero. 

If a is a divisor of b, then b is also divisible by —a (indeed, b = ac implies that 
b = (—a)(—c)), so that the divisors of an integer always occur in pairs. To find all 
the divisors of a given integer, it is sufficient to obtain the positive divisors and then 
adjoin to them the corresponding negative integers. For this reason, we shall usually 
limit ourselves to a consideration of positive divisors. 

It will be helpful to list some immediate consequences of Definition 2.1. (The 
reader is again reminded that, although not stated, divisors are assumed to be 
nonzero. ) 


Theorem 2.2. For integers a, b, c, the following hold: 


(a) alO,1l|a,ala. 

(b) a|1 if and only ifa = +1. 

(c) Ifa|b and c|d, then ac | bd. 

(d) Ifa|bandb|c,thena|c. 

(e) a|b and b|a if and only if a = +b. 

(f) Ifa|b and b £0, then |a| <|b|. 

(g) Ifa|b anda|c, then a|(bx + cy) for arbitrary integers x and y. 


Proof. We shall prove assertions (f) and (g), leaving the other parts as an exercise. If 
a|b, then there exists an integer c such that b = ac; also, b 4 0 implies that c # 0. 
Upon taking absolute values, we get |b | = |ac| =|a||c|. Because c ¥ 0, it follows 
that |c| > 1, whence |b| =|a||c| => |a|. 

As regards (g), the relations a|b and a|c ensure that b = ar and c = as for 
suitable integers r and s. But then whatever the choice of x and y, 


bx +cy =arx +asy =a(rx+sy) 


Because rx + sy is an integer, this says that a | (bx + cy), as desired. 


It is worth pointing out that property (g) of Theorem 2.2 extends by induction 
to sums of more than two terms. That is, if a | b, fork = 1,2,...,n, then 


a | (by x, + box. + +++ + dy Xn) 


for all integers x,, x2,...,X,. The few details needed for the proof are so straight- 
forward that we omit them. 

If a and b are arbitrary integers, then an integer d is said to be a common 
divisor of a and b if both d|a and d|b. Because 1 is a divisor of every integer, 
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1 is acommon divisor of a and b; hence, their set of positive common divisors is 
nonempty. Now every integer divides zero, so that if a = b = 0, then every integer 
serves aS a common divisor of a and b. In this instance, the set of positive common 
divisors of a and b is infinite. However, when at least one of a or b is different from 
zero, there are only a finite number of positive common divisors. Among these, there 
is a largest one, called the greatest common divisor of a and b. We frame this as 
Definition 2.2. 


Definition 2.2. Let a and b be given integers, with at least one of them different from 
zero. The greatest common divisor of a and b, denoted by gcd(a, b), is the positive 
integer d satisfying the following: 


(a) d|aandd |b. 
(b) Ifc|a and c|b, then c < d. 


Example 2.2. The positive divisors of —12 are 1, 2, 3, 4, 6, 12, whereas those of 30 
are 1, 2, 3,5, 6, 10, 15, 30; hence, the positive common divisors of —12 and 30 are 1, 
2, 3, 6. Because 6 is the largest of these integers, it follows that gcd(—12 , 30) = 6. In 
the same way, we can show that 


gcd(—5 ,5) =5 gcd(8, 17) = 1 gcd(—8 , —36) = 4 
The next theorem indicates that gcd(a, b) can be represented as a linear com- 


bination of a and b. (By a linear combination of a and b, we mean an expression of 
the form ax + by, where x and y are integers.) This is illustrated by, say, 


gcd(—12, 30) = 6 = (—12)2 + 30-1 
or 
gcd(—8, —36) = 4 = (—8)4+ (—36)(—1) 
Now for the theorem. 
Theorem 2.3. Given integers a and b, not both of which are zero, there exist integers 
x and y such that 


ecd(a,b) = ax + by 


Proof. Consider the set S of all positive linear combinations of a and b: 
S = {au + by |au+ by > 0;u, v integers} 


Notice first that S is not empty. For example, ifa 4 0, then the integer|a| =au+b-0 
lies in S, where we choose u = 1 or u = —1 according as a is positive or negative. 
By virtue of the Well-Ordering Principle, S must contain a smallest element d. Thus, 
from the very definition of S, there exist integers x and y for whichd = ax + by. We 
claim that d = gcd(a, b). 
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Taking stock of the Division Algorithm, we can obtain integers g and r such that 
a =qd-+r, where 0 <r < d. Then,s can be written in the form 


r=a—qd=a-—q(ax+by) 
= a(1 — qx) + b(—-qy) 


If r were positive, then this representation would imply that r is a member of S, 
contradicting the fact that d is the least integer in S (recall that r < d). Therefore, 
r = 0, and so a = qd, or equivalently d|a. By similar reasoning, d | b, the effect of 
which is to make d a common divisor of a and b. 

Now if c is an arbitrary positive common divisor of the integers a and b, then part 
(g) of Theorem 2.2 allows us to conclude that c | (ax + by); that is, c | d. By part (f) of 
the same theorem, c = |c | < |d| = d, sothat d is greater than every positive common 
divisor of a and b. Piecing the bits of information together, we see thatd = gcd(a, b). 


It should be noted that the foregoing argument is merely an “existence” proof 


and does not provide a practical method for finding the values of x and y. This will 
come later. 


A perusal of the proof of Theorem 2.3 reveals that the greatest common divisor 


of a and b may be described as the smallest positive integer of the form ax + by. 
Consider the case in which a = 6 and b = 15. Here, the set S becomes 


S = {6(—2) + 15-1,6(-1) +. 15-1,6-1+15-0,...} 
= (359) Opec} 


We observe that 3 is the smallest integer in $, whence 3 = gcd(6, 15). 


The nature of the members of S appearing in this illustration suggests another 


result, which we give in the next corollary. 


Corollary. If a and b are given integers, not both zero, then the set 
T = {ax + by|x, y are integers} 
is precisely the set of all multiples of d = gcd(a, b). 
Proof. Because d | a and d | b, we know that d | (ax + by) for all integers x, y. Thus, 


every member of T is a multiple of d. Conversely, d may be written as d = ax + byo 
for suitable integers xp and yo, so that any multiple nd of d is of the form 


nd = n(axo + byo) = a(nxo) + b(nyo) 


Hence, nd is a linear combination of a and b, and, by definition, lies in T. 


It may happen that 1 and —1 are the only common divisors of a given pair of 


integers a and b, whence gcd(a , b) = 1. For example: 


gcd(2 ,5) = gcd(—9, 16) = ged(—27, —35) = 1 


This situation occurs often enough to prompt a definition. 


Definition 2.3. Two integers a and b, not both of which are zero, are said to be relatively 
prime whenever gcd(a, b) = 1. 
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The following theorem characterizes relatively prime integers in terms of linear 
combinations. 


Theorem 2.4, Let a and b be integers, not both zero. Then a and b are relatively prime 
if and only if there exist integers x and y such that 1 = ax + by. 


Proof. If a and b are relatively prime so that gcd(a , b) = 1, then Theorem 2.3 guar- 
antees the existence of integers x and y satisfying 1 = ax + by. As for the converse, 
suppose that 1 = ax + by for some choice of x and y, and thatd = gcd(a, b). Because 
d|aandd|b, Theorem 2.2 yields d | (ax + by), or d| 1. Inasmuch as d is a positive 
integer, this last divisibility condition forces d to equal 1 (part (b) of Theorem 2.2 plays 
a role here), and the desired conclusion follows. 


This result leads to an observation that is useful in certain situations; namely, 
Corollary 1. If gcd(a , b) = d, then gced(a/d , b/d) = 1. 


Proof. Before starting with the proof proper, we should observe that although a/d and 
b/d have the appearance of fractions, in fact, they are integers because d is a divisor 
both of a and of b. Now, knowing that gcd(a , b) = d, it is possible to find integers x 
and y such that d = ax + by. Upon dividing each side of this equation by d, we obtain 


the expression 
1=(5)x+ 2 
={—)x = 
d d)> 


Because a/d and b/d are integers, an appeal to the theorem is legitimate. The conclu- 
sion is that a/d and b/d are relatively prime. 


For an illustration of the last corollary, let us observe that gcd(—12 , 30) = 6 
and 


gcd(—12/6, 30/6) = gcd(—2, 5) = 1 


as it should be. 

It is not true, without adding an extra condition, that a | c and b | c together give 
ab | c. For instance, 6 | 24 and 8 | 24, but6-8 / 24. If 6 and 8 were relatively prime, 
of course, this situation would not arise. This brings us to Corollary 2. 


Corollary 2. If a|c and b|c, with gcd(a, b) = 1, then ab | c. 


Proof. Inasmuch as a | c and b | c, integers r and s can be found such that c = ar = bs. 
Now the relation gcd(a , b) = 1 allows us to write 1 = ax + by for some choice of 
integers x and y. Multiplying the last equation by c, it appears that 


c=c-l=c(ax+ by) =acx + bcy 
If the appropriate substitutions are now made on the right-hand side, then 
c = a(bs)x + b(ar)y = ab(sx +ry) 


or, as a divisibility statement, ab | c. 
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Our next result seems mild enough, but is of fundamental importance. 
Theorem 2.5 Euclid’s lemma. If a| bc, with gcd(a, b) = 1, thena|c. 


Proof. We start again from Theorem 2.3, writing 1 = ax + by, where x and y are 
integers. Multiplication of this equation by c produces 


c=1-c=(ax+by)c =acx + bey 


Because a | ac and a | bc, it follows that a | (acx + bcy), which can be recast as a | c. 


If a and b are not relatively prime, then the conclusion of Euclid’s lemma may 


fail to hold. Here is a specific example: 12|9-8, but 12 {9 and 12 J 8. 


The subsequent theorem often serves as a definition of gcd(a , b). The advantage 


of using it as a definition is that order relationship is not involved. Thus, it may be 
used in algebraic systems having no order relation. 


Theorem 2.6. Let a, b be integers, not both zero. For a positive integer d, 
d = gcd(a, b) if and only if 


(a) d|jaandd |b. 
(b) Whenever c|a and c |b, then c | d. 


Proof. To begin, suppose that d = gcd(a, b). Certainly, d|a and d|b, so that (a) 
holds. In light of Theorem 2.3, d is expressible as d = ax + by for some integers x, y. 
Thus, if c|a and c|b, then c | (ax + by), or rather c|d. In short, condition (b) holds. 
Conversely, let d be any positive integer satisfying the stated conditions. Given any 
common divisor c of a and b, we have c|d from hypothesis (b). The implication is 
that d > c, and consequently d is the greatest common divisor of a and b. 


PROBLEMS 2.3 


. If a|b, show that (—a) |b, a|(—b), and (—a) | (—D). 
. Given integers a, b, c, d, verify the following: 


(a) Ifa|b, then a | be. 

(b) Ifa|b anda|c, then a? | be. 

(c) a|b if and only if ac| bc, where c £ 0. 
(d) If a|b and c|d, then ac | bd. 


. Prove or disprove: If a |(b +c), then either a|b ora|c. 
. For n > 1, use mathematical induction to establish each of the following divisibility 


statements: 
(a) 8|57 47. 
[Hint: 520+) 4.7 = 52(5*%* 4.7) + (7 — 57 -7).] 
(b) 15|2” — 1. 
(c) 5 | 33n+1 fe qntl 
(d) oat [an ae 52n-1 
(6) 24 2e 7" 3" =: 


. Prove that for any integer a, one of the integers a, a + 2,a + 41s divisible by 3. 


15. 


16. 


17. 
18. 


19. 


20. 
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. For an arbitrary integer a, verify the following: 


(a) 2|a(a+ 1), and3|a(a+1)(a + 2). 
(b) 3| a(2a? +7). 
(c) If a is odd, then 32 | (a* + 3)(a* +7). 


. Prove that if a and b are both odd integers, then 16 | a+ + b* — 2. 
. Prove the following: 


(a) The sum of the squares of two odd integers cannot be a perfect square. 
(b) The product of four consecutive integers is 1 less than a perfect square. 


. Establish that the difference of two consecutive cubes is never divisible by 2. 
. For anonzero integer a, show that gcd(a ,0) = |a|, gcd(a , a) = |a|, and gcd(a, 1) = 1. 
. If a and Db are integers, not both of which are zero, verify that 


ecd(a , b) = gcd(—a, b) = gcd(a, —b) = gcd(—a, —b) 


. Prove that, for a positive integer n and any integer a, gcd(a, a +n) divides n; hence, 


ecd(a,a+1)=1. 


. Given integers a and b, prove the following: 


(a) There exist integers x and y for which c = ax + by if and only if gcd(a, b) | c. 
(b) If there exist integers x and y for which ax + by = gcd(a, b), then gcd(x , y) = 1. 


. For any integer a, show the following: 


(a) gcd2Qa+1,9a+4)=1. 
(b) ged(S5a+2,7a+3) = 1. 
(c) If a is odd, then gcd(3a , 3a + 2) = 1. 
If a and b are integers, not both of which are zero, prove that gcd(2a — 3b, 4a — 5b) 
divides b; hence, gcd(2a + 3, 4a + 5) = 1. 
Given an odd integer a, establish that 
a’®>+(a+2’4+(a+4y’+1 

is divisible by 12. 
Prove that the expression (37)!/(3!)” is an integer for alln > 0. 
Prove: The product of any three consecutive integers is divisible by 6; the product of any 
four consecutive integers is divisible by 24; the product of any five consecutive integers 
is divisible by 120. 
[Hint: See Corollary 2 to Theorem 2.4.] 
Establish each of the assertions below: 
(a) If a is an arbitrary integer, then 6 | a(a* + 11). 
(b) If a is an odd integer, then 24 | a(a* — 1). 

[Hint: The square of an odd integer is of the form 8k + 1.] 
(c) If a and b are odd integers, then 8 | (a? — b”). 
(d) If a is an integer not divisible by 2 or 3, then 24 | (a? + 23). 
(e) If a is an arbitrary integer, then 360 | a2(a — 1)(a* — 4). 
Confirm the following properties of the greatest common divisor: 
(a) If gcd(a , b) = 1, and gcd(a, c) = 1, then gcd(a, bc) = 1. 

[Hint: Because 1 = ax + by = au + cv for some x, y, u, Vv, 

1 = (ax + by)(au + cv) = a(aux + cvx + byu) + bc(yv).] 
(b) If gcd(a, b) = 1, andc|a, then gcd(b, c) = 1. 
(c) If gcd(a, b) = 1, then gcd(ac, b) = gcd(c, D). 
(d) If ged(a , b) = 1, andc|a+D), then gcd(a,c) = gcd(b, c) = 1. 

[Hint: Let d = gcd(a, c). Then d | a, d | c implies that d|(a + b) — a, ord|b.] 
(e) If gcd(a , b) = 1, d | ac, and d | bc, then d | c. 
(f) If ged(a, b) = 1, then gcd(a? , b*) = 1. 

[Hint: First show that gcd(a , b*) = gcd(a’ , b) = 1.] 
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21. (a) Prove that if d|n, then 24 — 1|2” — 1. 
[Hint: Use the identity 
eo SG Dar a eth 1) 

(b) Verify that 2°° — 1 is divisible by 31 and 127. 
22. Let t, denote the nth triangular number. For what values of n does #, divide the sum 

tht+t+---+t,? 

[Hint: See Problem 1(c), Section 1.1.] 
23. If a | bc, show that a| ged(a, b) gcd(a, c). 


2.4 THE EUCLIDEAN ALGORITHM 


The greatest common divisor of two integers can, of course, be found by listing 
all their positive divisors and choosing the largest one common to each; but this 
is cumbersome for large numbers. A more efficient process, involving repeated 
application of the Division Algorithm, is given in the seventh Book of the Elements. 
Although there is historical evidence that this method predates Euclid, today it is 
referred to as the Euclidean Algorithm. 

The Euclidean Algorithm may be described as follows: Let a and b be two inte- 
gers whose greatest common divisor is desired. Because gcd(| a |, |b |) = gcd(a, b), 
there is no harm in assuming that a > b > O. The first step is to apply the Division 
Algorithm to a and b to get 

a=qb+nr O<r, <b 
If it happens that r; = 0, then b|a and gced(a, b) = b. When r; ¥ 0, divide Db by r; 
to produce integers qg2 and rz satisfying 

b= gor, + ro 0<m <r 
If r2 = O, then we stop; otherwise, proceed as before to obtain 

r) = g3r2 +73 O<73<1r2 


This division process continues until some zero remainder appears, say, at the 
(n + 1)th stage where 7,_; is divided by r, (a zero remainder occurs sooner or 
later because the decreasing sequence b > r; > r2 > --- > 0 cannot contain more 
than b integers). 

The result is the following system of equations: 


a=qb+n O<r, <b 
b= qori +12 O0<nm <r 
r) = Q3r2 +73 O<7r3 <1 


Vn—-2 = Qn¥n-1 TT n O<rn <Tn-1 
Pnh-1 = Qn+iln + 0 


We argue that r,,, the last nonzero remainder that appears in this manner, is equal to 
gcd(a , b). Our proof is based on the lemma below. 


Lemma. Ifa = qb +7, then gcd(a, b) = gcd(b,r). 
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Proof. If d= gcd(a,b), then the relations d|a and d|b together imply that 
d|(a —qb), or d|r. Thus, d is a common divisor of both b and r. On the other 
hand, if c is an arbitrary common divisor of b and r, then c|(qb+~,7), whence 
c|a. This makes c a common divisor of a and b, so that c < d. It now follows from 
the definition of gcd(b, r) that d = gcd(b,r). 


Using the result of this lemma, we simply work down the displayed system of 
equations, obtaining 


gcd(a, b) = gcd(b,r1}) = +--+ = gcd(rn-1, 7) = gcd(rn , 0) = mm 


as claimed. 

Theorem 2.3 asserts that gcd(a , b) can be expressed in the form ax + by, but 
the proof of the theorem gives no hint as to how to determine the integers x and y. 
For this, we fall back on the Euclidean Algorithm. Starting with the next-to-last 
equation arising from the algorithm, we write 


Vn = ln-2 — Qn¥n-1 
Now solve the preceding equation in the algorithm for r,,_; and substitute to obtain 


lh = ln-2 — GQn(Tn-3 — Gn—1'n—2) 


= (1 ale GnQn-1)' n-2 ae (—Gn)n-3 


This represents r, as a linear combination of 7,_2 and r,_3. Continuing backward 
through the system of equations, we successively eliminate the remainders r,_1, 
In—2,---5 172,71 until a stage is reached where r,, = gcd(a, b) is expressed as a linear 
combination of a and b. 


Example 2.3. Let us see how the Euclidean Algorithm works in a concrete case 
by calculating, say, gcd(12378 , 3054). The appropriate applications of the Division 
Algorithm produce the equations 


12378 = 4- 3054 + 162 
3054 = 18 - 162 + 138 
162 = 1-138+ 24 
138 =5-24+4 18 
24=1-18+6 

18 =3-6+0 


Our previous discussion tells us that the last nonzero remainder appearing in these 
equations, namely, the integer 6, is the greatest common divisor of 12378 and 3054: 


6 = gcd(12378 , 3054) 


To represent 6 as a linear combination of the integers 12378 and 3054, we start with 
the next-to-last of the displayed equations and successively eliminate the remainders 
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18, 24, 138, and 162: 
6= 24-18 
= 24 — (138 —5.- 24) 
= 6-24 —- 138 
= 6(162 — 138) — 138 
= 6-162 —7- 138 
= 6- 162 — 7(3054 — 18 - 162) 
= 132-162 —7- 3054 
= 132(12378 — 4 - 3054) — 7 - 3054 
= 132 - 12378 + (—535)3054 


Thus, we have 
6 = gcd(12378 , 3054) = 12378x + 3054y 


where x = 132 and y = —535. Note that this is not the only way to express the integer 
6 as a linear combination of 12378 and 3054; among other possibilities, we could add 
and subtract 3054 - 12378 to get 


6 = (132 + 3054)12378 + (—535 — 12378)3054 
= 3186 - 12378 + (—12913)3054 


The French mathematician Gabriel Lamé (1795-1870) proved that the number 
of steps required in the Euclidean Algorithm is at most five times the number of 
digits in the smaller integer. In Example 2.3, the smaller integer (namely, 3054) 
has four digits, so that the total number of divisions cannot be greater than 20; in 
actuality only six divisions were needed. Another observation of interest is that for 
each n > Q, itis possible to find integers a, and b, such that exactly n divisions are 
required to compute gcd(a, , b,) by the Euclidean Algorithm. We shall prove this 
fact in Chapter 14. 

One more remark is necessary. The number of steps in the Euclidean Algorithm 
usually can be reduced by selecting remainders r;,, such that | 7,41 | < r;,/2, that is, 
by working with least absolute remainders in the divisions. Thus, repeating Example 
2.3, it is more efficient to write 


12378 = 4- 3054 + 162 
3054 = 19 - 162 — 24 
162 =7-24-6 
24 = (—4)(-—6) + 0 
As evidenced by this set of equations, this scheme is apt to produce the negative of 
the value of the greatest common divisor of two integers (the last nonzero remainder 


being —6), rather than the greatest common divisor itself. 
An important consequence of the Euclidean Algorithm is the following theorem. 


Theorem 2.7. If k > 0, then gcd(ka , kb) = k gcd(a, b). 
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Proof. If each of the equations appearing in the Euclidean Algorithm for a and b (see 
page 28) is multiplied by k, we obtain 

ak = q\(bk) + rk 0 < rik < bk 

bk = qo(rik) + rok O < rok <rj,k 


Mn—2k = Gn(tn-1k) trunk =O < tk < ry_1k 
Tn—1k = Qn+i('nk) +0 


But this is clearly the Euclidean Algorithm applied to the integers ak and bk, so that 
their greatest common divisor is the last nonzero remainder r,,k; that is, 


ecd(ka ,kb) =r,k =k gcd(a, b) 


as Stated in the theorem. 
Corollary. For any integer k 4 0, gcd(ka , kb) = |k | gcd(a, b). 


Proof. \t suffices to consider the case in which k < 0. Then —k = |k | > 0 and, by 
Theorem 2.7, 


gcd(ak , bk) = gcd(—ak , —bk) 
= gced(a|k|, b| |) 
= |k| gcd(a, b) 


An alternate proof of Theorem 2.7 runs very quickly as follows: gcd(ak , bk) is 
the smallest positive integer of the form (ak)x + (bk)y, which, in turn, is equal to 
k times the smallest positive integer of the form ax + by; the latter value is equal to 
k gcd(a, b). 

By way of illustrating Theorem 2.7, we see that 


gcd(12, 30) = 3 gcd(4, 10) = 3-2 ged(2,5) = 6-1=6 


There is a concept parallel to that of the greatest common divisor of two integers, 
known as their least common multiple; but we shall not have much occasion to make 
use of it. An integer c is said to be a common multiple of two nonzero integers a 
and b whenever a|c and b | c. Evidently, zero is a common multiple of a and b. To 
see there exist common multiples that are not trivial, just note that the products ab 
and —(ab) are both common multiples of a and b, and one of these is positive. By 
the Well-Ordering Principle, the set of positive common multiples of a and b must 
contain a smallest integer; we call it the least common multiple of a and b. 

For the record, here is the official definition. 


Definition 2.4. The least common multiple of two nonzero integers a and b, denoted 
by Icm(a , b), is the positive integer m satisfying the following: 


(a) a|m and b|m. 
(b) Ifa|candb|c, withc > 0, then m < c. 
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As an example, the positive common multiples of the integers —12 and 30 are 
60, 120, 180, ...; hence, lcm(—12 , 30) = 60. 

The following remark is clear from our discussion: Given nonzero integers a 
and b, lcm(a, b) always exists and lcm(a, b) < | ab|. 

We lack a relationship between the ideas of greatest common divisor and least 
common multiple. This gap is filled by Theorem 2.8. 


Theorem 2.8. For positive integers a and b 


gecd(a , b) lem(a ,b) = ab 


Proof. To begin, put d = gcd(a, b) and write a = dr, b = ds for integers r and s. If 
m = ab/d, then m = as = rb, the effect of which is to make m a (positive) common 
multiple of a and b. 

Now let c be any positive integer that is a common multiple of a and b; say, 
for definiteness, c = au = by. As we know, there exist integers x and y satisfying 
d = ax + by. In consequence, 


c cd c(ax+by) _ ;c 
ar alee” aes 
This equation states that m | c, allowing us to conclude that m < c. Thus, in accordance 
with Definition 2.4, m = Icm(a , b); that is, 

ab _ ab 

d gcd(a, b) 


Cc 
)xt(=)ysvr+uy 
a 


Icm(a , b) = 
which is what we started out to prove. 
Theorem 2.8 has a corollary that is worth a separate statement. 


Corollary. For any choice of positive integers a and b, lcm(a , b) = ab if and only if 
gcd(a,b) = 1. 


Perhaps the chief virtue of Theorem 2.8 is that it makes the calculation of the 
least common multiple of two integers dependent on the value of their greatest 
common divisor—which, in turn, can be calculated from the Euclidean Algorithm. 
When considering the positive integers 3054 and 12378, for instance, we found that 
gcd(3054, 12378) = 6; whence, 


3054 - 12378 
Iem(3054, 12378) = aoa 6300402 


Before moving on to other matters, let us observe that the notion of greatest 
common divisor can be extended to more than two integers in an obvious way. In the 
case of three integers, a, b, c, not all zero, gcd(a , b, c) is defined to be the positive 
integer d having the following properties: 


(a) d is a divisor of each of a, b, c. 
(b) If e divides the integers a, b, c, then e < d. 
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We cite two examples: 
gcd(39 , 42,54) = 3 and gcd(49 , 210, 350) = 7 


The reader is cautioned that it is possible for three integers to be relatively prime as 
a triple (in other words, gcd(a , b, c) = 1), yet not relatively prime in pairs; this is 
brought out by the integers 6, 10, and 15. 


PROBLEMS 2.4 


1. 
2. 


10. 


11. 


Find gcd(143 , 227), gcd(306 , 657), and gcd(272 , 1479). 

Use the Euclidean Algorithm to obtain integers x and y satisfying the following: 
(a) gcd(56, 72) = 56x + 72y. 

(b) gcd(24, 138) = 24x + 138y. 

(c) gcd(119, 272) = 119x + 272y. 

(d) gcd(1769 , 2378) = 1769x + 2378y. 


. Prove that if d is a common divisor of a and b, then d = gcd(a, b) if and only if 


gcd(a/d,b/d) = 1. 
[Hint: Use Theorem 2.7.] 


. Assuming that gcd(a , b) = 1, prove the following: 


(a) gced(a+b,a—b)=1or2. 
[Hint: Let d = gcd(a+b,a—b) and show that d|2a, d|2b, and thus that 
d < gcd(2a , 2b) = 2 gcd(a, b).] 
(b) gcd(2a +b,a+2b) = 1 or3. 
(c) gcd(a +b, a* + b*) = 1 or2. 
(Hint: a? + b* = (a+ b)(a — b) +. 2b7.] 
(d) gced(a +b, a* —ab+b*) = 1 or3. 
[Hint: a? — ab + b* = (a+ b)* — 3ab.] 


. Forn = 1, and positive integers a, b, show the following: 


(a) If gcd(a , b) = 1, then gcd(a” , b”) = 1. 
[Hint: See Problem 20(a), Section 2.2. | 

(b) The relation a” | b” implies that a | b. 
[Hint: Put d = gcd(a, b) and write a = rd, b = sd, where gcd(r ,s) = 1. By part 
(a), gcd(r” , s”) = 1. Show that r = 1, whence a = d.]| 


. Prove that if gcd(a , b) = 1, then gcd(a +b, ab) = 1. 
. For nonzero integers a and b, verify that the following conditions are equivalent: 


(a) a|b. 
(b) ged(a, b) = |a|. 
(c) lem(a, b) = |b|. 


» Find Iem(143 , 227), lem(306, 657), and Icm(272 , 1479). 
. Prove that the greatest common divisor of two positive integers divides their least common 


multiple. 

Given nonzero integers a and b, establish the following facts concerning Icm(a , b): 

(a) gcd(a , b) = Icm(a, Db) if and only if a = +b. 

(b) If k > O, then Iem(ka , kb) = k |Icem(a, b). 

(c) If m is any common multiple of a and b, then Icm(a, b) | m. 
[Hint: Putt = Icm(a, b) and use the Division Algorithm to write m = gt +r, where 
0 <r <t. Show that r is acommon multiple of a and b.]| 

Let a, b, c be integers, no two of which are zero, and d = gcd(a, b, c). Show that 


d = gcd(gcd(a , b), c) = gcd(a, gcd(b, c)) = gcd(gced(a, c), b) 
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12. Find integers x, y, z satisfying 
gcd(198 , 288 , 512) = 198x + 288y + 512z 


[Hint: Put d = gcd(198 , 288). Because gcd(198 , 288 , 512) = gcd(d , 512), first find 
integers u and v for which gcd(d , 512) = du + 512v.] 


2.5 THE DIOPHANTINE EQUATION ax + by =c 


We now change focus somewhat and take up the study of Diophantine equations. 
The name honors the mathematician Diophantus, who initiated the study of such 
equations. Practically nothing is known of Diophantus as an individual, save that 
he lived in Alexandria sometime around 250 A.D. The only positive evidence as to 
the date of his activity is that the Bishop of Laodicea, who began his episcopate in 
270, dedicated a book on Egyptian computation to his friend Diophantus. Although 
Diophantus’ works were written in Greek and he displayed the Greek genius for the- 
oretical abstraction, he was most likely a Hellenized Babylonian. The only personal 
particulars we have of his career come from the wording of an epigram-problem 
(apparently dating from the 4th century): His boyhood lasted 1/6 of his life; his 
beard grew after 1/12 more; after 1/7 more he married, and his son was born 5 years 
later; the son lived to half his father’s age and the father died 4 years after his son. 
If x was the age at which Diophantus died, these data lead to the equation 

1 1 1 5 1 4 
7a a a ak 
with solution x = 84. Thus, he must have reached an age of 84, but in what year or 
even in what century is not certain. 

The great work upon which the reputation of Diophantus rests is his Arithmetica, 
which may be described as the earliest treatise on algebra. Only six Books of the 
original thirteen have been preserved. It is in the Arithmetica that we find the first 
systematic use of mathematical notation, although the signs employed are of the 
nature of abbreviations for words rather than algebraic symbols in the sense with 
which we use them today. Special symbols are introduced to represent frequently 
Occurring concepts, such as the unknown quantity in an equation and the different 
powers of the unknown up to the sixth power; Diophantus also had a symbol to 
express subtraction, and another for equality. 

It is customary to apply the term Diophantine equation to any equation in one or 
more unknowns that is to be solved in the integers. The simplest type of Diophantine 
equation that we shall consider is the linear Diophantine equation in two unknowns: 


ax +by=c 


where a, b, c are given integers and a, b are not both zero. A solution of this equation 
is a pair of integers xo, yo that, when substituted into the equation, satisfy it; that is, 
we ask that axo + byo = c. Curiously enough, the linear equation does not appear 
in the extant works of Diophantus (the theory required for its solution is to be found 
in Euclid’s Elements), possibly because he viewed it as trivial; most of his problems 
deal with finding squares or cubes with certain properties. 
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A given linear Diophantine equation can have a number of solutions, as is the 
case with 3x + 6y = 18, where 
3-4+6-1=18 
3(-6) + 6-6= 18 
3-10+ 6(—2) = 18 
By contrast, there is no solution to the equation 2x + 10y = 17. Indeed, the left-hand 
side is an even integer whatever the choice of x and y, whereas the right-hand side is 
not. Faced with this, it is reasonable to enquire about the circumstances under which 
a solution is possible and, when a solution does exist, whether we can determine all 
solutions explicitly. 

The condition for solvability is easy to state: the linear Diophantine equation 
ax + by = c admits a solution if and only ifd | c, whered = gcd(a, b). We know that 
there are integers r and s for whicha = dr and b = ds. Ifa solution of ax + by =c 
exists, so that axp + byo = c for suitable xo and yo, then 


c= axo + byp = drxo + dsyo = d(rxo + Syo) 


which simply says that d | c. Conversely, assume that d|c, say c = dt. Using The- 
orem 2.3, integers x9 and yo can be found satisfying d = axp + byo. When this 
relation is multiplied by ¢, we get 


c = dt = (axo + byo)t = a(txo) + D(tyo) 


Hence, the Diophantine equation ax + by = c has x = txo and y = tyo as a partic- 
ular solution. This proves part of our next theorem. 


Theorem 2.9. The linear Diophantine equation ax + by = c has a solution if and only 
if d|c, where d = gcd(a, b). If xo, yo is any particular solution of this equation, then 
all other solutions are given by 


+(2);1 (=)¢ 
XS=2% — =y—-|(- 
0 d y= JO d 
where ¢ is an arbitrary integer. 
Proof. To establish the second assertion of the theorem, let us suppose that a solution 
Xo, yo of the given equation is known. If x’, y’ is any other solution, then 

axo + byy =c =ax' + by’ 
which is equivalent to 

a(x’ — x9) = b(yo — y’) 


By the corollary to Theorem 2.4, there exist relatively prime integers r and s such that 
a = dr, b = ds. Substituting these values into the last-written equation and canceling 
the common factor d, we find that 


r(x’ — Xo) = s(yo — y’) 


The situation is now this: r | s(yo — y’), with ged(r , s) = 1. Using Euclid’s lemma, it 
must be the case that r | (yo — y’); or, in other words, yo — y’ = rt for some integer f¢. 
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Substituting, we obtain 
x’ —xo = st 


This leads us to the formulas 


b 
xy tot =a0+(7)1 


RS CeO 
y =yo—rt= yo ee 


It is easy to see that these values satisfy the Diophantine equation, regardless of the 
choice of the integer ¢; for 


ax’ + by! =a|x0+ (2) +] +0[y0- ($)¢] 


ab ab 
= (axo + byo) + & = =) t 


=c+0-t 


— 6 
Thus, there are an infinite number of solutions of the given equation, one for each value 
of f. 
Example 2.4. Consider the linear Diophantine equation 
172x + 20y = 1000 
Applying the Euclidean’s Algorithm to the evaluation of gcd(172 , 20), we find that 
172 = 8-204 12 


20 =1-12+8 
12=1-844 
8=2-4 


whence gcd(172 , 20) = 4. Because 4 | 1000, a solution to this equation exists. To obtain 
the integer 4 as a linear combination of 172 and 20, we work backward through the 
previous calculations, as follows: 


4=12-8 
= 12 — (20 — 12) 
=2-12-—20 


(172 8-90) = 26 
= 2-172 +(-17)20 


Upon multiplying this relation by 250, we arrive at 


1000 = 250 - 4 = 250[2 - 172 + (—17)20] 
= 500 - 172 + (—4250)20 
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so that x = 500 and y = —4250 provide one solution to the Diophantine equation in 
question. All other solutions are expressed by 


x = 500 + (20/4)t = 500 + 5¢ 
y = —4250 — (172/4)t = —4250 — 431 


for some integer f. 
A little further effort produces the solutions in the positive integers, if any happen 
to exist. For this, ¢ must be chosen to satisfy simultaneously the inequalities 


St + 500 > 0 — 43t — 4250 > 0 


or, what amounts to the same thing, 
98 = t 100 
43 


Because ¢ must be an integer, we are forced to conclude that t = —99. Thus, our 
Diophantine equation has a unique positive solution x = 5, y = 7 corresponding to 
the value t = —99, 


It might be helpful to record the form that Theorem 2.9 takes when the coeffi- 
cients are relatively prime integers. 


Corollary. If gcd(a , b) = 1 and if xo, yo is a particular solution of the linear Diophan- 
tine equation ax + by = c, then all solutions are given by 


x=xX+bt y=yo—at 


for integral values of f. 


Here is an example. The equation 5x + 22y = 18 has xp = 8, yo = —I1 as one 
solution; from the corollary, a complete solution is given by x =8+ 22t, 
y = —1 — 5t for arbitrary f¢. 

Diophantine equations frequently arise when solving certain types of traditional 
word problems, as evidenced by Example 2.5. 


Example 2.5. A customer bought a dozen pieces of fruit, apples and oranges, for 
$1.32. If an apple costs 3 cents more than an orange and more apples than oranges 
were purchased, how many pieces of each kind were bought? 

To set up this problem as a Diophantine equation, let x be the number of apples 
and y be the number of oranges purchased; in addition, let z represent the cost (in 
cents) of an orange. Then the conditions of the problem lead to 


(z+ 3)x + zy = 132 
or equivalently 
3x +(x + y)z = 132 
Because x + y = 12, the previous equation may be replaced by 
3X + 12z = 132 


which, in turn, simplifies to x + 4z = 44. 
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Stripped of inessentials, the object is to find integers x and z satisfying the 
Diophantine equation 


x+4z=44 (1) 


Inasmuch as gcd (1, 4) = 1 is a divisor of 44, there is a solution to this equation. Upon 
multiplying the relation 1 = 1(—3) + 4- 1 by 44 to get 


44 = 1(-132) +4. 44 


it follows that x9 = —132, z = 44 serves as one solution. All other solutions of 
Eq. (1) are of the form 


x=-132+4 z=44-t 


where ¢ is an integer. 

Not all of the choices for t furnish solutions to the original problem. Only values 
of ¢ that ensure 12 > x > 6 should be considered. This requires obtaining those values 
of ¢ such that 


12 > —132+4t > 6 


Now, 12 > —132 + 4t implies that t < 36, whereas —132 + 4t > 6 gives t > 345. 
The only integral values of t to satisfy both inequalities are t = 35 and t = 36. Thus, 
there are two possible purchases: a dozen apples costing 11 cents apiece (the case 
where t = 36), or 8 apples at 12 cents each and 4 oranges at 9 cents each (the case 
where ¢ = 35). 


Linear indeterminate problems such as these have a long history, occurring as 
early as the 1st century in the Chinese mathematical literature. Owing to a lack of 
algebraic symbolism, they often appeared in the guise of rhetorical puzzles or riddles. 
The contents of the Mathematical Classic of Chang Ch’ iu-chien (6th century) attest 
to the algebraic abilities of the Chinese scholars. This elaborate treatise contains one 
of the most famous problems in indeterminate equations, in the sense of transmission 
to other societies—the problem of the “hundred fowls.” The problem states: 


If a cock is worth 5 coins, a hen 3 coins, and three chicks together 1 coin, how many 
cocks, hens, and chicks, totaling 100, can be bought for 100 coins? 


In terms of equations, the problem would be written (if x equals the number of cocks, 
y the number of hens, z the number of chicks): 


1 
a a a x+y+z= 100 


Eliminating one of the unknowns, we are left with a linear Diophantine equation 
in the two other unknowns. Specifically, because the quantity z = 100 — x — y, we 
have 5x + 3y + 3(100 — x — y) = 100, or 


Tx +4y = 100 
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This equation has the general solution x = 4t, y = 25 — 7t, so that z = 75 + 31, 
where f¢ is an arbitrary integer. Chang himself gave several answers: 


x=4 y= 18. 278 
x=8 yal) w= sl 
f=): SH 4 z = 84 


A little further effort produces all solutions in the positive integers. For this, t must 
be chosen to satisfy simultaneously the inequalities 


4t>0 25 —7t >0 75+ 3t > 0 


The last two of these are equivalent to the requirement —25 < t < 3. Because t 
must have a positive value, we conclude that t = 1, 2, 3, leading to precisely the 
values Chang obtained. 


PROBLEMS 2.5 


1. Which of the following Diophantine equations cannot be solved? 

(a) 6x +5ly = 22. 

(b) 33x + 14y = 115. 

(c) 14x + 35y = 93. 

2. Determine all solutions in the integers of the following Diophantine equations: 

(a) 56x + 72y = 40. 

(b) 24x + 138y = 18. 

(c) 221x + 35y = 11. 

3. Determine all solutions in the positive integers of the following Diophantine equations: 
(a) 18x +5y = 48. 

(b) 54x + 21y = 906. 

(c) 123x + 360y = 99. 

(d) 158x —S57y =7. 

4. If a and b are relatively prime positive integers, prove that the Diophantine equation 
ax — by = c has infinitely many solutions in the positive integers. 

[Hint: There exist integers x9 and yo such that axo+byo =c. For any integer f, 

which is larger than both | xo | /b and | yo | /a, a positive solution of the given equation is 

x =Xo + bt, y = —(yo — at).] 

5. (a) A man has $4.55 in change composed entirely of dimes and quarters. What are the 
maximum and minimum number of coins that he can have? Is it possible for the 
number of dimes to equal the number of quarters? 

(b) The neighborhood theater charges $1.80 for adult admissions and $.75 for children. 
On a particular evening the total receipts were $90. Assuming that more adults than 
children were present, how many people attended? 

(c) A certain number of sixes and nines is added to give a sum of 126; if the number of 
sixes and nines is interchanged, the new sum is 114. How many of each were there 
originally? 

6. A farmer purchased 100 head of livestock for a total cost of $4000. Prices were as follow: 
calves, $120 each; lambs, $50 each; piglets, $25 each. If the farmer obtained at least one 
animal of each type, how many of each did he buy? 

7. When Mr. Smith cashed a check at his bank, the teller mistook the number of cents for 
the number of dollars and vice versa. Unaware of this, Mr. Smith spent 68 cents and then 
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noticed to his surprise that he had twice the amount of the original check. Determine the 
smallest value for which the check could have been written. 

[Hint: If x denotes the number of dollars and y the number of cents in the check, then 
100y + x — 68 = 2(100x + y).] 


. Solve each of the puzzle-problems below: 


(a) Alcuin of York, 775. One hundred bushels of grain are distributed among 
100 persons in such a way that each man receives 3 bushels, each woman 
2 bushels, and each child s bushel. How many men, women, and children are there? 

(b) Mahaviracarya, 850. There were 63 equal piles of plantain fruit put together and 7 
single fruits. They were divided evenly among 23 travelers. What is the number of 
fruits in each pile? 

[Hint: Consider the Diophantine equation 63x + 7 = 23y.] 

(c) Yen Kung, 1372. We have an unknown number of coins. If you make 77 strings of 
them, you are 50 coins short; but if you make 78 strings, it is exact. How many coins 
are there? 

[Hint: If N is the number of coins, then N = 77x +27=78y for integers 
x and y.] 

(d) Christoff Rudolff, 1526. Find the number of men, women, and children in a company 
of 20 persons if together they pay 20 coins, each man paying 3, each woman 2, and 
each child a: 

(e) Euler, 1770. Divide 100 into two summands such that one is divisible by 7 and the 
other by 11. 


CHAPTER 
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PRIMES AND THEIR DISTRIBUTION 


Mighty are numbers, joined with art resistless. 
EURIPIDES 


3.1 THE FUNDAMENTAL THEOREM OF ARITHMETIC 


Essential to everything discussed herein—in fact, essential to every aspect of number 
theory—is the notion of a prime number. We have previously observed that any 
integer a > 1 is divisible by +1 and + a; if these exhaust the divisors of a, then it 
is said to be a prime number. In Definition 3.1 we state this somewhat differently. 


Definition 3.1. An integer p > 1 is called a prime number, or simply a prime, if its 
only positive divisors are 1 and p. An integer greater than 1 that is not a prime is termed 
composite. 


Among the first ten positive integers, 2, 3,5, 7 are primes and 4, 6, 8, 9, 10 are 
composite numbers. Note that the integer 2 is the only even prime, and according to 
our definition the integer 1 plays a special role, being neither prime nor composite. 

In the rest of this book, the letters p and q will be reserved, so far as is possible, 
for primes. 

Proposition 14 of Book IX of Euclid’s Elements embodies the result that later 
became known as the Fundamental Theorem of Arithmetic, namely, that every inte- 
ger greater than | can, except for the order of the factors, be represented as a product 
of primes in one and only one way. To quote the proposition itself: “If a number be 
the least that is measured by prime numbers, it will not be measured by any other 
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prime except those originally measuring it.” Because every number a > | is either 
a prime or, by the Fundamental Theorem, can be broken down into unique prime 
factors and no further, the primes serve as the building blocks from which all other 
integers can be made. Accordingly, the prime numbers have intrigued mathemati- 
cians through the ages, and although a number of remarkable theorems relating to 
their distribution in the sequence of positive integers have been proved, even more 
remarkable is what remains unproved. The open questions can be counted among 
the outstanding unsolved problems in all of mathematics. 

To begin on a simpler note, we observe that the prime 3 divides the integer 36, 
where 36 may be written as any one of the products 


6-6=9-4=12-3=18-2 


In each instance, 3 divides at least one of the factors involved in the product. This is 
typical of the general situation, the precise result being Theorem 3.1. 


Theorem 3.1. If p is a prime and p|ab, then p|a or p|b. 


Proof. If p|a, then we need go no further, so let us assume that p { a. Because 
the only positive divisors of p are | and p itself, this implies that gcd(p , a) = 1. (In 
general, gcd(p ,a) = p or gcd(p,a) = 1 according as p|a or p { a.) Hence, citing 
Euclid’s lemma, we get p | b. 


This theorem easily extends to products of more than two terms. 


Corollary 1. If p is a prime and p | a;a2 --- a,, then p | a, forsomek, where 1 < k <n. 


Proof. We proceed by induction on n, the number of factors. When n = 1, the stated 
conclusion obviously holds; whereas when n = 2, the result is the content of Theorem 
3.1. Suppose, as the induction hypothesis, that n > 2 and that whenever p divides a 
product of less than n factors, it divides at least one of the factors. Now let p | aja2--- dy. 
From Theorem 3.1, either p | a, or p | a1a2 +--+ @,_1. If p | a,, then we are through. As 
regards the case where p | aja2---a,—;, the induction hypothesis ensures that p | ax 
for some choice of k, with 1 < k <n — 1. In any event, p divides one of the integers 
QA1,Qa2,..--, ay. 


Corollary 2. If p, 91, 92,..., Gn are all primes and p|qiqg2---dn, then p = gy for 
some k, where 1 < k <n. 


Proof. By virtue of Corollary 1, we know that p | gq, for some k, with 1 < k <n. Being 
a prime, qg; is not divisible by any positive integer other than 1 or gq, itself. Because 
p > 1, we are forced to conclude that p = q,. 


With this preparation out of the way, we arrive at one of the cornerstones of 
our development, the Fundamental Theorem of Arithmetic. As indicated earlier, 
this theorem asserts that every integer greater than | can be factored into primes 
in essentially one way; the linguistic ambiguity essentially means that 2-3-2 is 
not considered as being a different factorization of 12 from 2-2-3. We state this 
precisely in Theorem 3.2. 
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Theorem 3.2. Fundamental Theorem of Arithmetic. Every positive integer n > 1 
can be expressed as a product of primes; this representation is unique, apart from the 
order in which the factors occur. 


Proof. Either n is a prime or it is composite; in the former case, there is nothing 
more to prove. If n is composite, then there exists an integer d satisfying d|n and 
1 < d <n. Among all such integers d, choose p; to be the smallest (this is possible 
by the Well-Ordering Principle). Then p; must be a prime number. Otherwise it too 
would have a divisor g with 1 < q < pj; but then g| p; and p; |n imply that gq |n, 
which contradicts the choice of p; as the smallest positive divisor, not equal to 1, of n. 

We therefore may writen = p,n,, where p; isprimeand1 < n, < n.Ifn,; happens 
to be a prime, then we have our representation. In the contrary case, the argument is 
repeated to produce a second prime number p2 such that ny = p2n2; that is, 


n = Pi P2n2 l<no <n, 


If m2 is a prime, then it is not necessary to go further. Otherwise, write nz = p33, with 
p3 a prime: 


nN = Pi P2p3n3 l<n3<nyz 
The decreasing sequence 
n>ny>n>-:->1 


cannot continue indefinitely, so that after a finite number of steps n,_; is a prime, call 
it, p,. This leads to the prime factorization 


n= Pipr::: Pr 


To establish the second part of the proof—the uniqueness of the prime factoriza- 
tion—let us suppose that the integer n can be represented as a product of primes in two 
ways; Say, 


N= Pipr-** Pr =4192""*Gs oF SS 
where the p; and q; are all primes, written in increasing magnitude so that 
Pi = pes" ** Spr Gi G7 Se" S45 


Because Pp; | 4192°-- 9s, Corollary 2 of Theorem 3.1 tells us that p; = q; for some k; 
but then p; => q;. Similar reasoning gives q; > p,, whence p; = q;. We may cancel 
this common factor and obtain 


P2P3°** Pr = 4293 °°" As 
Now repeat the process to get p2 = q2 and, in turn, 


P3P4°°* Pr = 9394°°° Qs 


Continue in this fashion. If the inequality r < s were to hold, we would eventually 
arrive at 


l= Gr4+19r42°°° As 
which is absurd, because each gq; > 1. Hence, r = s and 
Pi=q P2 = 92,-++, Pr =4r 


making the two factorizations of n identical. The proof is now complete. 
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Of course, several of the primes that appear in the factorization of a given positive 
integer may be repeated, as is the case with 360 = 2-2-2-3-3-5. By collecting 
like primes and replacing them by a single factor, we can rephrase Theorem 3.2 as 
a corollary. 


Corollary. Any positive integer n > 1 can be written uniquely in a canonical form 


— pki ,k2 k, 
n= p, P2 *°' P,; 


where, fori = 1,2,...,7, each k; is a positive integer and each p; is a prime, with 
Pi < P2<°+°: < Pr. 


To illustrate, the canonical form of the integer 360 is 360 = 2° - 3? - 5. As further 

examples we cite 
4725 =3°-5*?-7 and 17460=2°.3*.5-7° 

Theorem 3.2 should not be taken lightly because number systems do exist in 
which the factorization into “primes” is not unique. Perhaps the most elemental 
example is the set E of all positive even integers. Let us agree to call an even integer 
an e-prime if it is not the product of two other even integers. Thus, 2, 6, 10, 14,... 
all are e-primes, whereas 4, 8, 12, 16,... are not. It is not difficult to see that the 
integer 60 can be factored into e-primes in two distinct ways; namely, 

60 = 2-30=6.- 10 
Part of the difficulty arises from the fact that Theorem 3.1 is lacking in the set E£; 
that is,6|2-30, but6 / 2 and6 J 30. 

This is an opportune moment to insert a famous result of Pythagoras. 
Mathematics as a science began with Pythagoras (569-500 B.c.), and much of the 
content of Euclid’s Elements is due to Pythagoras and his School. The Pythagoreans 
deserve the credit for being the first to classify numbers into odd and even, prime 
and composite. 


Theorem 3.3. Pythagoras. The number J/2 is irrational. 


Proof. Suppose, to the contrary, that ./2 is a rational number, say, /2 = a/b, where a 
and b are both integers with gcd(a , b) = 1. Squaring, we get a* = 2b’, so that b| a’. 
If b > 1, then the Fundamental Theorem of Arithmetic guarantees the existence of a 
prime p such that p |b. It follows that p|a* and, by Theorem 3.1, that p|a; hence, 
gcd(a ,b) > p. We therefore arrive at a contradiction, unless b = 1. Butif this happens, 
then a? = 2, which is impossible (we assume that the reader is willing to grant that 
no integer can be multiplied by itself to give 2). Our supposition that ./2 is a rational 
number is untenable, and so 2 must be irrational. 


There is an interesting variation on the proof of Theorem 3.3. If 2 = a/b with 
gcd(a , b) = 1, there must exist integers r and s satisfying ar + bs = 1. As a result, 
J/2= Jar + bs) = (/2a)r + (/2b)s = 2br + as 


This representation of 2 leads us to conclude that \/2 is an integer, an obvious 
impossibility. 
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PROBLEMS 3.1 


1. 


2. 


Oo ~l 


10. 
. Another unproven conjecture is that there are an infinitude of primes that are 1 less than 


14. 


15. 


It has been conjectured that there are infinitely many primes of the form n? — 2. Exhibit 
five such primes. 

Give an example to show that the following conjecture is not true: Every positive integer 
can be written in the form p + a’, where p is either a prime or 1, anda > 0. 


. Prove each of the assertions below: 


(a) Any prime of the form 3n + 1 is also of the form 6m + 1. 
(b) Each integer of the form 3n + 2 has a prime factor of this form. 
(c) The only prime of the form n? — 1 is 7. 

(Hint: Write n? — 1 as (n — 1)(n? +n+1).] 
(d) The only prime p for which 3p + 1 is a perfect square is p = 5. 
(e) The only prime of the form n* — 4 is 5. 


. If p > 5 is a prime number, show that p” + 2 is composite. 


[Hint: p takes one of the forms 6k + 1 or 6k + 5.] 


. (a) Given that p is a prime and p|a”, prove that p” | a”. 


(b) If gcd(a , b) = p, a prime, what are the possible values of gcd(a? , b*), gcd(a” , b) 
and gcd(a? , b?)? 


. Establish each of the following statements: 


(a) Every integer of the form n* + 4, with n > 1, is composite. 
[Hint: Write n* + 4 as a product of two quadratic factors. ] 
(b) Ifm > 41s composite, then n divides (n — 1)!. 
(c) Any integer of the form 8” + 1, where n > 1, is composite. 
[Hint: 2” +1|2°" + 11] 
(d) Each integer m > 11 can be written as the sum of two composite numbers. 
[Hint: Ifn is even, say n = 2k, thenn — 6 = 2(k — 3); forn odd, consider the integer 
n—9.] 


. Find all prime numbers that divide 50!. 
. If p > q > 5 and p and g are both primes, prove that 24| p? — q’. 
. (a) An unanswered question is whether there are infinitely many primes that are 1 more 


than a power of 2, such as 5 = 2” + 1. Find two more of these primes. 

(b) A more general conjecture is that there exist infinitely many primes of the form 
n* + 1; for example, 257 = 167 + 1. Exhibit five more primes of this type. 

If p #5 is an odd prime, prove that either p* — 1 or p? + 1 is divisible by 10. 


a power of 2, such as 3 = 27 — 1. 

(a) Find four more of these primes. 

(b) If p= Dies 118 prime, show that k is an odd integer, except when k = 2. 
(Hint: 3| 4” — 1 for alln > 1.] 


. Find the prime factorization of the integers 1234, 10140, and 36000. 
13. 


If n > 1 is an integer not of the form 6k + 3, prove that n* + 2” is composite. 

[Hint: Show that either 2 or 3 divides n? + 2”.] 

It has been conjectured that every even integer can be written as the difference of two 
consecutive primes in infinitely many ways. For example, 


“ 6 = 29 — 23 = 137 — 131 = 599 — 593 = 1019 — 1013 = - - - 
Express the integer 10 as the difference of two consecutive primes in 15 ways. 


Prove that a positive integer a > 1 is a square if and only if in the canonical form of a 
all the exponents of the primes are even integers. 
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16. An integer is said to be square-free if it is not divisible by the square of any integer greater 
than 1. Prove the following: 

(a) An integer n > 1 is square-free if and only if n can be factored into a product of 
distinct primes. 

(b) Every integer n > 1 is the product of a square-free integer and a perfect square. 
[Hint: If n = pi py ... p* is the canonical factorization of n, then write k; = 
2qi +r; where r; = 0 or 1 according as k; is even or odd. ] 

17. Verify that any integer n can be expressed as n = 2‘m, where k > 0 and m is an odd 
integer. 
18. Numerical evidence makes it plausible that there are infinitely many primes p such that 

p +50 1s also prime. List 15 of these primes. 

19. A positive integer n is called square-full, or powerful, if p? |n for every prime factor p 
of n (there are 992 square-full numbers less than 250,000). If n is square-full, show that 
it can be written in the form n = a2b°, with a and b positive integers. 


3.2 THE SIEVE OF ERATOSTHENES 


Given a particular integer, how can we determine whether it is prime or composite 
and, in the latter case, how can we actually find a nontrivial divisor? The most 
obvious approach consists of successively dividing the integer in question by each 
of the numbers preceding it; if none of them (except 1) serves as a divisor, then the 
integer must be prime. Although this method is very simple to describe, it cannot 
be regarded as useful in practice. For even if one is undaunted by large calculations, 
the amount of time and work involved may be prohibitive. 

There is a property of composite numbers that allows us to reduce materially 
the necessary computations—but still the process remains cumbersome. If an in- 
teger a > 1 is composite, then it may be written as a = bc, where 1 < b < a and 
1 <c <a. Assuming that b < c, we get b* < bc =a, and so b < ,/a. Because 
b > 1, Theorem 3.2 ensures that b has at least one prime factor p. Then p < b < /a; 
furthermore, because p | b and b | a, it follows that p|a. The point is simply this: A 
composite number a will always possess a prime divisor p satisfying p < ./a. 

In testing the primality of a specific integer a > 1, it therefore suffices to divide 
a by those primes not exceeding ./a (presuming, of course, the availability of a 
list of primes up to /a). This may be clarified by considering the integer a = 509. 
Inasmuch as 22 < 509 < 23, we need only try out the primes that are not larger 
than 22 as possible divisors, namely, the primes 2, 3, 5, 7, 11, 13, 17, 19. Dividing 
509 by each of these, in turn, we find that none serves as a divisor of 509. The 
conclusion is that 509 must be a prime number. 


Example 3.1. The foregoing technique provides a practical means for determining the 
canonical form of an integer, say a = 2093. Because 45 < 2093 < 46, it is enough 
to examine the primes 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43. By trial, the 
first of these to divide 2093 is 7, and 2093 = 7 - 299. As regards the integer 299, the 
seven primes that are less than 18 (note that 17 < /299 < 18) are 2,3,5, 7,11, 13,17. 
The first prime divisor of 299 is 13 and, carrying out the required division, we obtain 
299 = 13 - 23. But 23 is itself a prime, whence 2093 has exactly three prime factors, 
7, 13, and 23: 


2093 = 7-13-23 
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Another Greek mathematician whose work in number theory remains significant 
is Eratosthenes of Cyrene (276-194 B.c.). Although posterity remembers him mainly 
as the director of the world-famous library at Alexandria, Eratosthenes was gifted in 
all branches of learning, if not of first rank in any; in his own day, he was nicknamed 
“Beta” because, it was said, he stood at least second in every field. Perhaps the 
most impressive feat of Eratosthenes was the accurate measurement of the earth’s 
circumference by a simple application of Euclidean geometry. 

We have seen that if an integer a > 1 is not divisible by any prime p < ,/a, 
then a is of necessity a prime. Eratosthenes used this fact as the basis of a clever 
technique, called the Sieve of Eratosthenes, for finding all primes below a given 
integer n. The scheme calls for writing down the integers from 2 to n in their natural 
order and then systematically eliminating all the composite numbers by striking out 
all multiples 2p,3p,4p, 5p, ...of the primes p < /n. The integers that are left on 
the list—those that do not fall through the “sieve’”—are primes. 

To see an example of how this works, suppose that we wish to find all primes 
not exceeding 100. Consider the sequence of consecutive integers 2, 3, 4, ...,100. 
Recognizing that 2 is a prime, we begin by crossing out all even integers from our 
listing, except 2 itself. The first of the remaining integers is 3, which must be a 
prime. We keep 3, but strike out all higher multiples of 3, so that 9, 15, 21,... are 
now removed (the even multiples of 3 having been removed in the previous step). 
The smallest integer after 3 that has not yet been deleted is 5. It is not divisible by 
either 2 or 3—otherwise it would have been crossed out—hence, it is also a prime. 
All proper multiples of 5 being composite numbers, we next remove 10, 15, 20, ... 
(some of these are, of course, already missing), while retaining 5 itself. The first 
surviving integer 7 is a prime, for it is not divisible by 2, 3, or 5, the only primes 
that precede it. After eliminating the proper multiples of 7, the largest prime less 
than / 100 = 10, all composite integers in the sequence 2, 3, 4, ...,100 have fallen 
through the sieve. The positive integers that remain, to wit, 2, 3,5, 7, 11, 13, 17, 19, 
23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, are all of the primes 
less than 100. 

The following table represents the result of the completed sieve. The multiples 
of 2 are crossed out by \; the multiples of 3 are crossed out by /; the multiples of 5 
are crossed out by —; the multiples of 7 are crossed out by ~. 


y) 3 AQ 5 K 7 8 9 3 
ll MW 13 te #8 WW 17 BK 19 59 
wt wr 3 4 86 *® WW 2 ~ 29 36 
31 32 FB M+ SY FH 37 BW BW ae 
4, oe 43 a4, AS 46 47 RR HY 39 
KB MR 53 M 55 Fe HF SW 59 66 
61 SR £ & 65 66 67 68 69 wa 
71 BK 3 MM KH 6% FF RB 79 36 
Bi BR 838 84 85 8% 87 BB 89 9g 
DBL Se) 94 54 95. 9G 97 Se 9 +00. 


By this point, an obvious question must have occurred to the reader. Is there a 
largest prime number, or do the primes go on forever? The answer is to be found 
in a remarkably simple proof given by Euclid in Book IX of his Elements. Euclid’s 
argument is universally regarded as a model of mathematical elegance. Loosely 
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speaking, it goes like this: Given any finite list of prime numbers, one can always 
find a prime not on the list; hence, the number of primes is infinite. The actual details 
appear below. 


Theorem 3.4 Euclid. There is an infinite number of primes. 


Proof. Euclid’s proof is by contradiction. Let p; = 2, pp = 3, p3 =5, pa =7,... be 
the primes in ascending order, and suppose that there is a last prime, called p,. Now 
consider the positive integer 


P=piP2°-:Pn+1 


Because P > 1, we may put Theorem 3.2 to work once again and conclude that P 
is divisible by some prime p. But pj, p2,..., Py, are the only prime numbers, so 
that p must be equal to one of pj, p2,..-, Pn. Combining the divisibility relation 
P| PiP2-°-: Pn With p| P, we arrive at p| P — p, p2--- Pp Or, equivalently, p | 1. The 
only positive divisor of the integer 1 is 1 itself and, because p > 1, a contradiction 
arises. Thus, no finite list of primes is complete, whence the number of primes is 
infinite. 


For a prime p, define p* to be the product of all primes that are less than or equal 
to p. Numbers of the form p* + 1 might be termed Euclidean numbers, because they 
appear in Euclid’s scheme for proving the infinitude of primes. It 1s interesting to 
note that in forming these integers, the first five, namely, 


2#4+1=24+1=3 
3F41=2-34+1=7 
S#41=2-3-54+1=31 
7Fo4+1=2-3-5-74+1=211 
11#4+1=2-3-5-7-114+1= 2311 


are all prime numbers. However, 


13*+1=59-.509 
17#+1=19.97.277 
19* + 1 = 347 - 27953 


are not prime. A question whose answer is not known is whether there are infinitely 
many primes p for which p* + 1 is also prime. For that matter, are there infinitely 
many composite p* + 1? 

At present, 19 primes of the form p* + 1 have been identified. These correspond 
to the values p = 2, 3,5, 7, 11, 31, 379, 1019, 1021, 2657, 3229, 4547, 4787, 11549, 
13649, 18523, 23801, 24029, and 42209; the largest of these, a number consisting of 
18241 digits, was discovered in 2000. The integer p* + 1 is composite for all other 
p < 120000. 
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Euclid’s theorem is too important for us to be content with a single proof. Here 
is a variation in the reasoning: Form the infinite sequence of positive integers 


ny =2 

ng =nt+1 
n3=njn2+1 
ng =nynon3+ 1 


Ny =Nyn2---ny1~ +1 


Because each nz > 1, each of these integers is divisible by a prime. But no two 
nx; can have the same prime divisor. To see this, let d = gcd(n; ,n,) and suppose 
that i < k. Then d divides n; and, hence, must divide n,n2---n,_,. Because d | nx, 
Theorem 2.2 (g) tells us that d|n, —njn2---nxz_; or d| 1. The implication is that 
d = 1, and so the integers n,(k = 1, 2, ...) are pairwise relatively prime. The point 
we wish to make is that there are as many distinct primes as there are integers n;, 
namely, infinitely many of them. 

Let p, denote the nth of the prime numbers in their natural order. Euclid’s proof 
shows that the expression p) P2--- Py, + 11s divisible by at least one prime. If there 
are several such prime divisors, then p,1,; cannot exceed the smallest of these so 
that Pn41 < Pip2r-°*: Pn + 1 forn = 1. Another way of saying the same thing is that 


Pn = Pip2-**Pn-1 tl nee 
With a slight modification of Euclid’s reasoning, this inequality can be improved to 
give 

Pn S PiP2°** Pn-1 — 1 n>=3 
For instance, when n = 5, this tells us that 

ll = ps <2-3-5-7—1= 209 
We can see that the estimate is rather extravagant. A sharper limitation on the size 
of p, 1S given by Bonse’s inequality, which states that 

DP, <PiP2"**Pr-1 HS 

This inequality yields p? < 210, or ps < 14. A somewhat better size-estimate for 
Ps comes from the inequality 

Pon S P2P3°** Pn — 2 n>3 
Here, we obtain 

Ps < Po S pops —2=3-5-2= 13 
To approximate the size of p, from these formulas, it is necessary to know the 


values of pi, P2,.--, Pn—1- For a bound in which the preceding primes do not enter 
the picture, we have the following theorem. 


Theorem 3.5. If p, is the nth prime number, then p, <2?" . 
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Proof. Let us proceed by induction on n, the asserted inequality being clearly true 
when n = 1. As the hypothesis of the induction, we assume that n > 1 and that the 
result holds for all integers up to n. Then 


Pn+i < PiP2°*:Pnt1 
<2- 2¢ cee qr! aie l= Jlt24+2?+--+2"! ro 


Recalling the identity 1 + 2+ 27 +4+.--+2"-! = 2” — 1, we obtain 
Poti < 27141 
However, 1 < 2”'~! for all n; whence 
Pai = 27-1427! 
0% 92" 1 = 92" 


completing the induction step, and the argument. 


There is a corollary to Theorem 3.5 that is of interest. 
Corollary. For n > 1, there are at least n + 1 primes less than 2’. 


Proof. From the theorem, we know that p1, p2,..-, Pn41 are all less than 27’. 


We can do considerably better than is indicated by Theorem 3.5. In 1845, Joseph 
Bertrand conjectured that the prime numbers are well-distributed in the sense that 
between n > 2 and 2n there is at least one prime. He was unable to establish his con- 
jecture, but verified it for all n < 3,000,000. (One way of achieving this is to consider 
a sequence of primes 3, 5, 7, 13, 23, 43, 83, 163, 317, 631, 1259, 2503, 5003, 9973, 
19937, 39869, 79699, 159389, ... each of which is less than twice the preceding.) 
Because it takes some real effort to substantiate this famous conjecture, let us content 
ourselves with saying that the first proof was carried out by the Russian mathemati- 
cian P. L. Tchebycheff in 1852. Granting the result, it is not difficult to show that 


Deen: n>2 
and as a direct consequence, p,11 < 2p, forn > 2. In particular, 
ll =p5<2-pya= 14 


To see that p, < 2”, we argue by induction on n. Clearly, py = 3 < 27. so that 
the inequality is true here. Now assume that the inequality holds for an integer n, 
whence p,, < 2”. Invoking Bertrand’s conjecture, there exists a prime number p 
satisfying 2” < p < 2”*!; thatis, p, < p. This immediately leads to the conclusion 
that Pri1 < p < 2"*!, which completes the induction and the proof. 

Primes of special form have been of perennial interest. Among these, the re- 
punit primes are outstanding in their simplicity. A repunit is an integer written (in 
decimal notation) as a string of 1’s, such as 11, 111, or 1111. Each such integer must 
have the form (10” — 1)/9. We use the symbol R,, to denote the repunit consisting 
of n consecutive 1’s. A peculiar feature of these numbers is the apparent scarcity 
of primes among them. So far, only Ro, R19, R23, R317, Ri031, Rasogi1, and Rg6as3 
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have been identified as primes (the last one in 2001). It is known that the only 
possible repunit primes R,, for all n < 45000 are the seven numbers just indicated. 
No conjecture has been made as to the existence of any others. For a repunit R,, to 
be prime, the subscript n must be a prime; that this is not a sufficient condition is 
shown by 


Rs = 11111 = 41-271 R7 = 1111111 = 239 - 4649 


PROBLEMS 3.2 


1. 


2. 
3s 


11. 


12. 


Determine whether the integer 701 is prime by testing all primes p < 701 as possible 
divisors. Do the same for the integer 1009. 

Employing the Sieve of Eratosthenes, obtain all the primes between 100 and 200. 
Given that p J} n forall primes p < %/n, show that n > 1 is either a prime or the product 
of two primes. 

[Hint: Assume to the contrary that n contains at least three prime factors. | 


. Establish the following facts: 


(a) ./p is irrational for any prime p. 
(b) Ifa > Oand Ya is rational, then %/a must be an integer. 
(c) Forn > 2, 2/n is irrational. 

[Hint: Use the fact that 2” > n.] 


. Show that any composite three-digit number must have a prime factor less than or equal 


to 31. 


. Fill in any missing details in this sketch of a proof of the infinitude of primes: Assume 


that there are only finitely many primes, say pj, P2,..., Pn. Let A be the product of any 
r of these primes and put B = p) p2--- p,/A. Then each p,; divides either A or B, but 
not both. Because A + B > 1, A+ B has a prime divisor different from any of the p,, 
which is a contradiction. 


. Modify Euclid’s proof that there are infinitely many primes by assuming the existence 


of a largest prime p and using the integer N = p! + 1 to arrive at a contradiction. 


. Give another proof of the infinitude of primes by assuming that there are only finitely many 


primes, Say Pj, P2,.--, Pn, and using the following integer to arrive at a contradiction: 


N = p2p3-*+ Pn + Pip3-** Pat +++ + Pipr-** Pa-1 


. (a) Prove that ifn > 2, then there exists a prime p satisfying n < p < nl. 


[Hint: If n! — 1 is not prime, then it has a prime divisor p; and p < n implies p | n!, 
leading to a contradiction. | 

(b) For n > 1, show that every prime divisor of n! + 1 is an odd integer that is greater 
than 7. 


. Let g, be the smallest prime that is strictly greater than P, = p; p2--- Py + 1. Ithas been 


conjectured that the difference g, — (p1 P2--- Pn) 1S always a prime. Confirm this for the 
first five values of n. 
If p, denotes the nth prime number, put d, = Pyji1 — Pn. AN open question is whether 
the equation d,, = d,,4; has infinitely many solutions. Give five solutions. 
Assuming that p,, is the nth prime number, establish each of the following statements: 
(a) Pp > 2n — 1 forn > 5. 
(b) None of the integers P, = p; p2--- Py +1 is a perfect square. 

[Hint: Each P, is of the form 4k + 3 forn > 1.] 
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(c) The sum 


is never an integer. 
13. For the repunits R,,, verify the assertions below: 
(a) Ifnm|m, then R,, | Rn. 
[Hint: If m = kn, consider the identity 
1H GH D)aEO YY aa ee SE 
(b) Ifd|R, andd| R,,, then d | Ry+m.- 
[Hint: Show that Ryin = R,10” + Rm.] 
(c) If gcd(n, m) = 1, then gcd(R, , Ry) = 1. 
14. Use the previous problem to obtain the prime factors of the repunit R40. 


3.3 THE GOLDBACH CONJECTURE 


Although there is an infinitude of primes, their distribution within the positive inte- 
gers is most mystifying. Repeatedly in their distribution we find hints or, as it were, 
shadows of a pattern; yet an actual pattern amenable to precise description remains 
elusive. The difference between consecutive primes can be small, as with the pairs 
11 and 13, 17 and 19, or for that matter 1OOOOOO000061 and 1000000000063. At 
the same time there exist arbitrarily long intervals in the sequence of integers that 
are totally devoid of any primes. 

It is an unanswered question whether there are infinitely many pairs of twin 
primes; that is, pairs of successive odd integers p and p + 2 that are both primes. 
Numerical evidence leads us to suspect an affirmative conclusion. Electronic com- 
puters have discovered 152892 pairs of twin primes less than 30000000 and 20 pairs 
between 10!” and 10!*+ 10000, which hints at their growing scarcity as the positive 
integers increase in magnitude. Many examples of immense twins are known. The 
largest twins to date, each 51090 digits long, 

33218925 - 21979) + 1 
were discovered in 2002. 

Consecutive primes cannot only be close together, but also can be far apart; that 
is, arbitrarily large gaps can occur between consecutive primes. Stated precisely: 
Given any positive integer n, there exist n consecutive integers, all of which are 
composite. To prove this, we simply need to consider the integers 

Pl) Zane Ly ies ean) 
where (n+ 1)! =(n+1)-n---3-2-1. Clearly, there are nm integers listed and 
they are consecutive. What is important is that each integer is composite. Indeed, 
(n + 1)! + 21s divisible by 2, (n + 1)! + 3 is divisible by 3, and so on. 

For instance, if a sequence of four consecutive composite integers is desired, 

then the previous argument produces 122, 123, 124, and 125: 
5!4+2=122=2-61] 
5!+3=123=3.-41 
5!4+4= 124=4.-31 
Sa 19 SH 52 25 
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Of course, we can find other sets of four consecutive composites, such as 24, 25, 26, 
27 or 32, 33, 34, 35. 

As this example suggests, our procedure for constructing gaps between two con- 
secutive primes gives a gross overestimate of where they occur among the integers. 
The first occurrences of prime gaps of specific lengths, where all the intervening inte- 
gers are composite, have been the subject of computer searches. For instance, there is 
a gap of length 778 (thatis, pp+1 — Dyn = 778) following the prime 42842283925351. 
No gap of this size exists between two smaller primes. The largest effectively cal- 
culated gap between consecutive prime numbers has length 1132, with a string of 
1131 composites immediately after the prime 


1693182318746371 


Interestingly, computer researchers have not identified gaps of every possible width 
up to 1132. The smallest missing gap size is 796. The conjecture is that there is a 
prime gap (a string of 2k — 1 consecutive composites between two primes) for every 
even integer 2k. 

This brings us to another unsolved problem concerning the primes, the Gold- 
bach conjecture. In a letter to Leonhard Euler in the year 1742, Christian Goldbach 
hazarded the guess that every even integer is the sum of two numbers that are either 
primes or 1. A somewhat more general formulation is that every even integer greater 
than 4 can be written as a sum of two odd prime numbers. This is easy to confirm 
for the first few even integers: 


2=1+1 
4=24+2=1+3 
6=3+3=1+5 
8=3+5=1+7 
1lO=3+7=53+5 
I2Z=5+7=1+11 
14=34+11=74+7=1413 
16=3+13=5+11 
1I8=54+13=74+11=1+17 
20 =34+17=74+13=1+4+19 
22=3+19=54+17=11+4+11 
24=5419=7417=114+13=1+4+23 
26 = 3+23=74+19= 13413 
28 =5+4+23=114+17 
30 =7+23=114+19=134+17=14+29 
Although it seems that Euler never tried to prove the result, upon writing to Goldbach 
at a later date, Euler countered with a conjecture of his own: Any even integer (> 6) 
of the form 4n + 2 is a sum of two numbers each being either a prime of the form 
4n+ orl. 


The numerical data suggesting the truth of Goldbach’s conjecture are over- 
whelming. It has been verified by computers for all even integers less than 4 - 10!4. 
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As the integers become larger, the number of different ways in which 2n can be 
expressed as the sum of two primes increases. For example, there are 219400 such 
representations for the even integer 100000000. Although this supports the feeling 
that Goldbach was correct in his conjecture, it is far from a mathematical proof, 
and all attempts to obtain a proof have been completely unsuccessful. One of the 
most famous number theorists of the last century, G. H. Hardy, in his address to the 
Mathematical Society of Copenhagen in 1921, stated that the Goldbach conjecture 
appeared “... probably as difficult as any of the unsolved problems in mathematics.” 
It is currently known that every even integer is the sum of six or fewer primes. 

We remark that if the conjecture of Goldbach is true, then each odd number 
larger than 7 must be the sum of three odd primes. To see this, take n to be an odd 
integer greater than 7, so that n — 3 is even and greater than 4; if nm — 3 could be 
expressed as the sum of two odd primes, then n would be the sum of three. 

The first real progress on the conjecture in nearly 200 years was made by Hardy 
and Littlewood in 1922. On the basis of a certain unproved hypothesis, the so- 
called generalized Riemann hypothesis, they showed that every sufficiently large 
odd number is the sum of three odd primes. In 1937, the Russian mathematician 
I. M. Vinogradov was able to remove the dependence on the generalized Riemann 
hypothesis, thereby giving an unconditional proof of this result; that is to say, he 
established that all odd integers greater than some effectively computable no can be 
written as the sum of three odd primes. 


n= py + prt p3 (n odd, n sufficiently large) 


Vinogradov was unable to decide how large ng should be, but Borozdkin (1956) 
proved that 79 < 3°”. In 2002, the bound on no was reduced to 10!*“. It follows 
immediately that every even integer from some point on is the sum of either two 
or four primes. Thus, it is enough to answer the question for every odd integer n 
in the range 9 < n < no, which, for a given integer, becomes a matter of tedious 
computation (unfortunately, no is so large that this exceeds the capabilities of the 
most modern electronic computers). 

Because of the strong evidence in favor of the famous Goldbach conjecture, we 
readily become convinced that it is true. Nevertheless, it might be false. Vinogradov 
showed that if A(x) is the number of even integers n < x that are not the sum of two 
primes, then 


lim A(x)/x =0 


This allows us to say that “almost all” even integers satisfy the conjecture. As Edmund 
Landau so aptly put it, “The Goldbach conjecture is false for at most 0% of all even 
integers; this at most 0% does not exclude, of course, the possibility that there are 
infinitely many exceptions.” 

Having digressed somewhat, let us observe that according to the Division Al- 
gorithm, every positive integer can be written uniquely in one of the forms 


An 4n+1 4n+2 4n+3 
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for some suitable n > 0. Clearly, the integers 4n and 4n + 2 = 2(2n + 1) are both 
even. Thus, all odd integers fall into two progressions: one containing integers of 
the form 4n + 1, and the other containing integers of the form 4n + 3. 

The question arises as to how these two types of primes are distributed within the 
set of positive integers. Let us display the first few odd prime numbers in consecutive 
order, putting the 4n + 3 primes in the top row and the 4n + 1 primes under them: 


3 7 11 19 23 31 43 47 59 67 71 79 83 
5 13 17 29 37 41 53 61 73 = 89 


At this point, one might have the general impression that primes of the form 
4n + 3 are more abundant than are those of the form 4n + 1. To obtain more precise 
information, we require the help of the function 7,,,(x), which counts the number 
of primes of the form p = an + b not exceeding x. Our small table, for instance, 
indicates that 74, ;(89) = 10 and 74.3(89) = 13. 

In a famous letter written in 1853, Tchebycheff remarked that 74 )(x) < 74,3(x) 
for small values of x. He also implied that he had a proof that the inequality always 
held. In 1914, J. E. Litthewood showed that the inequality fails infinitely often, but 
his method gave no indication of the value of x for which this first happens. It turned 
out to be quite difficult to find. Not until 1957 did a computer search reveal that 
x = 26861 is the smallest prime for which 74 (x) > 714,3(x); here, m4,1(x) = 1473 
and 74.3(x) = 1472. This is an isolated situation, because the next prime at which a 
reversal occurs is x = 616,841. Remarkably, 74 1(x) > 74,3(x) for the 410 million 
successive integers x lying between 18540000000 and 18950000000. 

The behavior of primes of the form 3n +1 provided more of a computa- 
tional challenge: the inequality 73 ;(x) < 73.2(x) holds for all x until one reaches 
x = 608981813029. 

This furnishes a pleasant opportunity for a repeat performance of Euclid’s 
method for proving the existence of an infinitude of primes. A slight modifica- 
tion of his argument reveals that there is an infinite number of primes of the form 
4n + 3. We approach the proof through a simple lemma. 


Lemma. The product of two or more integers of the form 4 + | is of the same form. 


Proof. \tis sufficient to consider the product of just two integers. Let us take k = 4n + 1 
and k’ = 4m + 1. Multiplying these together, we obtain 


kk’ = (4n + 1)(4m + 1) 
= lonm+ 4n+4m4+1= 4(4nm+n-+m)+4+1 


which is of the desired form. 
This paves the way for Theorem 3.6. 


Theorem 3.6. There are an infinite number of primes of the form 4n + 3. 
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Proof. In anticipation of a contradiction, let us assume that there exist only finitely 
many primes of the form 4n + 3; call them qj, g2, ..., gs. Consider the positive integer 
N = 4q1q2°+- Gs —1 =4(q192-+-qs — 1) +3 
and let N = r,r2---r; be its prime factorization. Because WN is an odd integer, we have 
r, ~ 2 for all k, so that each r; is either of the form 4n + 1 or 4n + 3. By the lemma, 
the product of any number of primes of the form 4n + 1 is again an integer of this type. 
For N to take the form 4n + 3, as it clearly does, N must contain at least one prime 
factor r; of the form 4n + 3. But r; cannot be found among the listing q 1, q2,..., ds, 
for this would lead to the contradiction that 7; | 1. The only possible conclusion is that 

there are infinitely many primes of the form 4n + 3. 


Having just seen that there are infinitely many primes of the form 4n + 3, we 
might reasonably ask: Is the number of primes of the form 4n + 1 also infinite? This 
answer is likewise in the affirmative, but a demonstration must await the development 
of the necessary mathematical machinery. Both these results are special cases of a 
remarkable theorem by P. G. L. Dirichlet on primes in arithmetic progressions, 
established in 1837. The proof is much too difficult for inclusion here, so that we 
must content ourselves with the mere statement. 


Theorem 3.7 Dirichlet. If a and b are relatively prime positive integers, then the 
arithmetic progression 


d,at+b,a+2b,a+3b,... 


contains infinitely many primes. 


Dirichlet’s theorem tells us, for instance, that there are infinitely many prime 
numbers ending in 999, such as 1999, 100999, 1000999, . .. for these appear in the 
arithmetic progression determined by 1000n + 999, where gcd(1000 , 999) = 1. 

There is no arithmetic progression a,a +b,a+2b,... that consists solely of 
prime numbers. To see this, suppose that a + nb = p, where p is a prime. If we put 
ny =n+kp fork = 1,2,3,... then the n;,th term in the progression is 


atnb=at+(n+kp)b =(a+nb)+kpb= p+kpb 


Because each term on the right-hand side is divisible by p, so is a + n,b. In other 
words, the progression must contain infinitely many composite numbers. 

It is an old, but still unsolved question of whether there exist arbitrarily long 
but finite arithmetic progressions consisting only of prime numbers (not necessarily 
consecutive primes). The longest progression found to date is composed of the 22 
primes: 


11410337850553 + 4609098694200n 0 <n <21 
The prime factorization of the common difference between the terms is 
2°.3-57-7-11-13-17- 19-23 - 1033 


which is divisible by 9699690, the product of the primes less than 22. This takes 
place according to Theorem 3.8. 
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Theorem 3.8. If all the n > 2 terms of the arithmetic progression 
p,pt+d, pt2d,...,ptn- l)d 


are prime numbers, then the common difference d is divisible by every prime q < n. 


Proof. Consider a prime number g <n and assume to the contrary that g 1 d. We 
claim that the first g terms of the progression 


p,pt+d,pt+2d,...,p+(q—ld (1) 


will leave different remainders when divided by qg. Otherwise there exist integers j 
and k, with O < j < k <q —1, such that the numbers p + jd and p+ kd yield the 
Same remainder upon division by g. Then q divides their difference (k — j)d. But 
gcd(q , d) = 1, and so Euclid’s lemma leads to q | k — j, which is nonsense in light of 
the inequality k — j <q-—1. 

Because the q different remainders produced from Eq. (1) are drawn from the 
q integers 0,1,...,q—1, one of these remainders must be zero. This means that 
q|p + td for some t satisfying 0 < t < q — 1. Because of the inequality g <n < 
p < p+td, we are forced to conclude that p+ td is composite. (If p were less 
than n, one of the terms of the progression would be p + pd = p(1+d).) With this 
contradiction, the proof that g | d is complete. 


It has been conjectured that there exist arithmetic progressions of finite (but 
otherwise arbitrary) length, composed of consecutive prime numbers. Examples of 
such progressions consisting of three and four primes, respectively, are 47, 53, 59, 
and 251, 257, 263, 269. 

Most recently a sequence of 10 consecutive primes was discovered in which each 
term exceeds its predecessor by just 210; the smallest of these primes has 93 digits. 
Finding an arithmetic progression consisting of 11 consecutive primes is likely to 
be out of reach for some time. Absent the restriction that the primes involved be 
consecutive, strings of 11-term arithmetic progressions are easily located. One such 
is 


110437 + 13860n O<n< 10 


In the interest of completeness, we might mention another famous problem that, 
so far, has resisted the most determined attack. For centuries, mathematicians have 
sought a simple formula that would yield every prime number or, failing this, a 
formula that would produce nothing but primes. At first glance, the request seems 
modest enough: Find a function f(n) whose domain is, say, the nonnegative integers 
and whose range is some infinite subset of the set of all primes. It was widely believed 
years ago that the quadratic polynomial 


f(n) =n’? +n+41 


assumed only prime values. This was shown to be false by Euler, in 1772. As 
evidenced by the following table, the claim is a correct one for n = 0, 1, 2,..., 39. 
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n f(n) n f(n) n f(n) 


0 4l 14 251 28 853 
1 43 15 281 29 911 
2 47 16 313 30 971 
3 53 17 347 31 1033 
4 61 18 383 32 1097 
5 71 19 421 33 1163 
6 83 20 461 34 1231 
7 97 21 503 35 1301 
8 113 pip 547 36 1373 
9 131 23 593 37 1447 
10 151 24 641 38 1523 
11 173 25 691 39 1601 
12 197 26 743 

13 223 2) 797 


However, this provocative conjecture is shattered in the cases n = 40 and n = 41, 
where there is a factor of 41: 


f(40) = 40-414+41 = 41? 
and 
f(41) = 41-424+41 = 41-43 


The next value f(42) = 1847 turns out to be prime once again. In fact, for the 
first 100 integer values of n, the so-called Euler polynomial represents 86 primes. 
Although it starts off very well in the production of primes, there are other quadratics 
such as 

g(n) =n? +n+4+ 27941 


that begin to best f(n) as the values of n become larger. For example, g(n) is prime 
for 286129 values of 0 < n < 10°, whereas its famous rival yields 261081 primes 
in this range. 

It has been shown that no polynomial of the form n* +n + q, with g a prime, 
can do better than the Euler polynomial in giving primes for successive values of n. 
Indeed, until fairly recently no other quadratic polynomial of any kind was known 
to produce more than 40 successive prime values. The polynomial 


h(n) = 103n* — 3945n + 34381 


found in 1988, produces 43 distinct prime values forn = 0, 1, 2,..., 42. The current 
record holder in this regard 


k(n) = 36n* — 810n + 2753 


does slightly better by giving a string of 45 prime values. 
The failure of the previous functions to be prime-producing is no accident, 
for it is easy to prove that there is no nonconstant polynomial f(n) with integral 
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coefficients that takes on just prime values for integral n. We assume that such a 
polynomial f(n) actually does exist and argue until a contradiction is reached. Let 


f(n) = a,n* + apn” f+... ayn” +ajn+ao 


where all the coefficients ao, a1, ..., x are integers, and a, # 0. For a fixed value of 
(no), Pp = f (No) is aprime number. Now, for any integer t, we consider the following 
expression: 


f (no + tp) = a(no + tp) +--+ +.ai(no + tp) + ao 
= (ang + +++ + ayno +40) + pO(t) 
= f(no) + pQ(t) 
= pt pQ(t)= p+ Q(t) 


where Q(t) is a polynomial in ¢ having integral coefficients. Our reasoning shows 
that p| f(mo + tp); hence, from our own assumption that f(n) takes on only prime 
values, f(n9 + tp) = p for any integer t. Because a polynomial of degree k can- 
not assume the same value more than k times, we have obtained the required 
contradiction. 

Recent years have seen a measure of success in the search for prime-producing 
functions. W. H. Mills proved (1947) that there exists a positive real number r such 
that the expression f(n) = [r> ] is prime for n = 1, 2,3,... (the brackets indicate 
the greatest integer function). Needless to say, this is strictly an existence theorem 
and nothing is known about the actual value of r. Mills’s function does not produce 
all the primes. 


PROBLEMS 3.3 


1. Verify that the integers 1949 and 1951 are twin primes. 
2. (a) If 1 is added to a product of twin primes, prove that a perfect square is always 
obtained. 
(b) Show that the sum of twin primes p and p + 2 is divisible by 12, provided that p > 3. 

3. Find all pairs of primes p and gq satisfying p — q = 3. 

4. Sylvester (1896) rephrased the Goldbach conjecture: Every even integer 2n greater than 
4 is the sum of two primes, one larger than n/2 and the other less than 3n/2. Verify this 
version of the conjecture for all even integers between 6 and 76. 

5. In 1752, Goldbach submitted the following conjecture to Euler: Every odd integer can 
be written in the form p + 2a”, where p is either a prime or 1 and a > 0. Show that the 
integer 5777 refutes this conjecture. 

6. Prove that the Goldbach conjecture that every even integer greater than 2 is the sum of 
two primes is equivalent to the statement that every integer greater than 5 is the sum of 
three primes. 

(Hint: If 2n — 2 = p, + po, then 2n = pj + po +2 and 2n4+ 1 = py + po+3.] 

7. A conjecture of Lagrange (1775) asserts that every odd integer greater than 5 can be 
written as a sum py +2p2, where pj, pz are both primes. Confirm this for all odd 
integers through 75. 

8. Given a positive integer n, it can be shown that there exists an even integer a that is 
representable as the sum of two odd primes in n different ways. Confirm that the integers 


58 


10. 


11. 


12. 


13. 


14. 


15. 


16. 


17. 


18. 


19. 


20. 
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60, 78, and 84 can be written as the sum of two primes in six, seven, and eight ways, 
respectively. 


. (a) Forn > 3, show that the integers n,n + 2,n + 4 cannot all be prime. 


(b) Three integers p, p + 2, p + 6, which are all prime, are called a prime-triplet. Find 
five sets of prime-triplets. 
Establish that the sequence 


(n+1)!—2,(n41)!-3,...,24+D!—-M4) 


produces n consecutive composite integers for n > 2. 

Find the smallest positive integer n for which the function f(n) = n* +n + 17 is com- 
posite. Do the same for the functions g(n) = n? + 21n + 1 and h(n) = 3n? + 3n 4 23. 
Let p, denote the nth prime number. For n > 3, prove that De 43 < PnPn+1 Pn42- 

[Hint: Note that Pos < 4p. 45 < 8Dn41Pn+2-] 

Apply the same method of proof as in Theorem 3.6 to show that there are infinitely many 
primes of the form 6n + 5. 

Find a prime divisor of the integer V = 4(3 - 7-11) — 1 of the form 4n + 3. Do the same 
for N = 4(33-7-11-15)—1. 

Another unanswered question is whether there exist an infinite number of sets of five 
consecutive odd integers of which four are primes. Find five such sets of integers. 

Let the sequence of primes, with 1 adjoined, be denoted by po = 1, py = 2, po = 3, 
p3 =5,....Foreachn > 1, it is known that there exists a suitable choice of coefficients 
€; = +1 such that 


2n=2 2ne=1 
P2n = Prn-1 + a €k Pk P2n+1 = 2P2n + >. Ek Pk 


To illustrate: 
Ise be 23 eS Tei 
and 
WW=14+2-—3—-347-1142-13 


Determine similar representations for the primes 23, 29, 31, and 37. 

In 1848, de Polignac claimed that every odd integer is the sum of a prime and a power of 
2. For example, 55 = 47 + 2? = 23 + 2°. Show that the integers 509 and 877 discredit 
this claim. 

(a) If pis a prime and p / b, prove that in the arithmetic progression 


a,a+b,a+2b,a+3b,... 


every pth term is divisible by p. 
[Hint: Because gcd(p, b) = 1, there exist integers r and s satisfying pr + bs = 1. 
Put ny = kp — as fork = 1,2,... and show that p | (a+ n,b).] 
(b) From part (a), conclude that if b is an odd integer, then every other term in the 
indicated progression is even. 
In 1950, it was proved that any integer n > 9 can be written as a sum of distinct odd 
primes. Express the integers 25, 69, 81, and 125 in this fashion. 
If p and p” + 8 are both prime numbers, prove that p> + 4 is also prime. 


21. 


22. 


23. 


24. 
25. 


26. 


27. 


28. 
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(a) For any integer k > 0, establish that the arithmetic progression 
a+b,a+2b,a+3b,... 


where gcd(a, b) = 1, contains k consecutive terms that are composite. 
(Hint: Putn = (a+ b)\(a + 2b)---(a + kb) and consider the k terms a + (n+ 1)b, 
a+(n+2)b,...,a+(n+k)b.] 

(b) Find five consecutive composite terms in the arithmetic progression 


6, 11, 16, 21, 26, 31, 36,... 


Show that 13 is the largest prime that can divide two successive integers of the form 

n? + 3, 

(a) The arithmetic mean of the twin primes 5 and 7 is the triangular number 6. Are there 
any other twin primes with a triangular mean? 

(b) The arithmetic mean of the twin primes 3 and 5 is the perfect square 4. Are there any 
other twin primes with a square mean? 

Determine all twin primes p and g = p+ 2 for which pq — 2 is also prime. 

Let p, denote the nth prime. For n > 3, show that 


Pn < Pr t+ Pat--*++ Da-1 


[Hint: Use induction and the Bertrand conjecture. ] 

Verify the following: 

(a) There exist infinitely many primes ending in 33, such as 233, 433, 733, 1033,.... 
[Hint: Apply Dirichlet’s theorem. ] 

(b) There exist infinitely many primes that do not belong to any pair of twin primes. 
[Hint: Consider the arithmetic progression 21k + 5 fork = 1,2,....] 

(c) There exists a prime ending in as many consecutive 1’s as desired. 
[Hint: To obtain a prime ending in n consecutive 1’s, consider the arithmetic pro- 
gression 10"k + R, fork = 1,2,....] 

(d) There exist infinitely many primes that contain but do not end in the block of digits 
123456789. 
[Hint: Consider the arithmetic progression 10''k + 1234567891 fork = 1,2,....] 

Prove that for every n > 2 there exists a prime p with p <n < 2p. 

[Hint: In the case where n = 2k + 1, then by the Bertrand conjecture there exists a prime 

p such thatk < p < 2k.] 

(a) Ifnm > 1, show that n! is never a perfect square. 

(b) Find the values of n > 1 for which 


nit+(mt+]1)!4+(m42)! 


is a perfect square. 
[Hint: Note that n! + (n + 1)! 4+ (n+ 2)! =nl(n 4 2)*,] 


CHAPTER 


A 


THE THEORY OF CONGRUENCES 


Gauss once said “Mathematics is the queen of the sciences and number-theory 
the queen of mathematics.” If this be true we may add that the Disquisitiones 
is the Magna Charta of number-theory. 

M. CANTOR 


4.1 CARL FRIEDRICH GAUSS 


Another approach to divisibility questions is through the arithmetic of remainders, 
or the theory of congruences as it is now commonly known. The concept, and 
the notation that makes it such a powerful tool, was first introduced by the German 
mathematician Carl Friedrich Gauss (1777-1855) in his Disquisitiones Arithmeticae; 
this monumental work, which appeared in 1801 when Gauss was 24 years old, laid 
the foundations of modern number theory. Legend has it that a large part of the 
Disquisitiones Arithmeticae had been submitted as a memoir to the French Academy 
the previous year and had been rejected in a manner that, even if the work had been 
as worthless as the referees believed, would have been inexcusable. (In an attempt 
to lay this defamatory tale to rest, the officers of the Academy made an exhaustive 
search of their permanent records in 1935 and concluded that the Disquisitiones was 
never submitted, much less rejected.) “It is really astonishing,” said Kronecker, “to 
think that a single man of such young years was able to bring to light such a wealth 
of results, and above all to present such a profound and well-organized treatment of 
an entirely new discipline.” 
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Carl Friedrich Gauss 
(1777-1855) 


(Dover Publications, Inc.) 


Gauss was one of those remarkable infant prodigies whose natural aptitude for 
mathematics soon becomes apparent. As a child of age three, according to a well- 
authenticated story, he corrected an error in his father’s payroll calculations. His 
arithmetical powers so overwhelmed his schoolmasters that, by the time Gauss was 
7 years old, they admitted that there was nothing more they could teach the boy. It is 
said that in his first arithmetic class Gauss astonished his teacher by instantly solving 
what was intended to be a “busy work” problem: Find the sum of all the numbers 
from 1 to 100. The young Gauss later confessed to having recognized the pattern 


1+ 100 = 101,2+99 = 101,3+ 98 = 101,...,50+51 = 101 


Because there are 50 pairs of numbers, each of which adds up to 101, the sum of 
all the numbers must be 50 - 101 = 5050. This technique provides another way of 
deriving the formula 

aan + 1) 

“2 


for the sum of the first n positive integers. One need only display the consecutive 
integers 1 through n in two rows as follows: 


1 2 3 +++ n—-l on 
nm n—-1l n-2-:--- 2 1 


Addition of the vertical columns produces n terms, each of which is equal ton + 1; 
when these terms are added, we get the value n(n + 1). Because the same sum is 
obtained on adding the two rows horizontally, what occurs is the formulan(n + 1) = 
214+2+3+-:-+n). 

Gauss went on to a succession of triumphs, each new discovery following on 
the heels of a previous one. The problem of constructing regular polygons with only 
“Euclidean tools,” that is to say, with ruler and compass alone, had long been laid 
aside in the belief that the ancients had exhausted all the possible constructions. In 
1796, Gauss showed that the 17-sided regular polygon is so constructible, the first 


1+2+3+---4+n 
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advance in this area since Euclid’s time. Gauss’ doctoral thesis of 1799 provided a 
rigorous proof of the Fundamental Theorem of Algebra, which had been stated first 
by Girard in 1629 and then proved imperfectly by d’Alembert (1746), and later by 
Euler (1749). The theorem (it asserts that a polynomial equation of degree n has 
exactly n complex roots) was always a favorite of Gauss’, and he gave, in all, four 
distinct demonstrations of it. The publication of Disquisitiones Arithmeticae in 1801 
at once placed Gauss in the front rank of mathematicians. 

The most extraordinary achievement of Gauss was more in the realm of theo- 
retical astronomy than of mathematics. On the opening night of the 19th century, 
January 1, 1801, the Italian astronomer Piazzi discovered the first of the so-called 
minor planets (planetoids or asteroids), later called Ceres. But after the course of 
this newly found body—visible only by telescope—passed the sun, neither Piazzi 
nor any other astronomer could locate it again. Piazzi’s observations extended over 
a period of 41 days, during which the orbit swept out an angle of only nine degrees. 
From the scanty data available, Gauss was able to calculate the orbit of Ceres with 
amazing accuracy, and the elusive planet was rediscovered at the end of the year in 
almost exactly the position he had forecasted. This success brought Gauss worldwide 
fame, and led to his appointment as director of G6dttingen Observatory. 

By the middle of the 19th century, mathematics had grown into an enormous 
and unwieldy structure, divided into a large number of fields in which only the 
specialist knew his way. Gauss was the last complete mathematician, and it is no 
exaggeration to say that he was in some degree connected with nearly every aspect of 
the subject. His contemporaries regarded him as Princeps Mathematicorum (Prince 
of Mathematicians), on a par with Archimedes and Isaac Newton. This is revealed in 
a small incident: On being asked who was the greatest mathematician in Germany, 
Laplace answered, “Why, Pfaff.” When the questioner indicated that he would have 
thought Gauss was, Laplace replied, “Pfaff is by far the greatest in Germany, but 
Gauss is the greatest in all Europe.” 

Although Gauss adorned every branch of mathematics, he always held number 
theory in high esteem and affection. He insisted that, “Mathematics is the Queen of 
the Sciences, and the theory of numbers is the Queen of Mathematics.” 


4.2 BASIC PROPERTIES OF CONGRUENCE 


In the first chapter of Disquisitiones Arithmeticae, Gauss introduces the concept of 
congruence and the notation that makes it such a powerful technique (he explains that 
he was induced to adopt the symbol = because of the close analogy with algebraic 
equality). According to Gauss, “If a number n measures the difference between two 
numbers a and b, then a and DB are said to be congruent with respect to n; if not, 
incongruent.” Putting this into the form of a definition, we have Definition 4.1. 


Definition 4.1. Let n be a fixed positive integer. Two integers a and b are said to be 
congruent modulo n, symbolized by 
a = b (modn) 


if n divides the difference a — b; that is, provided that a — b = kn for some integer k. 
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To fix the idea, consider n = 7. It is routine to check that 
3 = 24 (mod 7) — 31 = 11 (mod 7) — 15 = —64 (mod 7) 


because 3 — 24 = (—3)7, —31 — 11 = (—6)7, and —15 — (—64) = 7-7. When 
n Xf (a—b), we say that a is incongruent to b modulo n, and in this case we write 
a # b (mod n). For a simple example: 25 # 12 (mod 7), because 7 fails to divide 
25 — 12 = 13. 

It is to be noted that any two integers are congruent modulo 1, whereas two 
integers are congruent modulo 2 when they are both even or both odd. Inasmuch as 
congruence modulo | is not particularly interesting, the usual practice is to assume 
thatn > 1. 

Given an integer a, let g and r be its quotient and remainder upon division by 
n, So that 


a=qn+r O<r<n 


Then, by definition of congruence, a = r (mod n). Because there are n choices for 
r, we see that every integer is congruent modulo n to exactly one of the values 
0O,1,2,...,n— 1; in particular, a =O (mod n) if and only if n|a. The set of n 
integers 0, 1,2,...,m — 1 is called the set of least nonnegative residues modulo n. 
In general, a collection of n integers a,, dz, ..., A, iS Said to form a complete set 
of residues (or a complete system of residues) modulo n if every integer is congruent 
modulo n to one and only one of the a;,. To put it another way, aj, a2,..., , are 
congruent modulo n to 0, 1, 2,...,” — 1, taken in some order. For instance, 


—12, —4, 11, 13, 22, 82, 91 
constitute a complete set of residues modulo 7; here, we have 
—12=2 —-42=3 114 13=6 22=1 82=5 91=0 


all modulo 7. An observation of some importance is that any n integers form a 
complete set of residues modulo n if and only if no two of the integers are congruent 
modulo n. We shall need this fact later. 

Our first theorem provides a useful characterization of congruence modulo n in 
terms of remainders upon division by n. 


Theorem 4.1. For arbitrary integers a and b, a = b (mod n) if and only if a and b 
leave the same nonnegative remainder when divided by n. 


Proof. First take a = b (mod n), so that a = b + kn for some integer k. Upon division 
by n, b leaves a certain remainder r; that is,b = qn +r, where O < r <n. Therefore, 
a=b+kn=(qn+r)+kn=(q+k)n+r 


which indicates that a has the same remainder as b. 
On the other hand, suppose we can write a = qin +r and b = qon +, with the 
same remainder r (0 < r <n). Then 


a—b=(qin+r)—(qon+r)=(qi — q2)n 


whence 1 |a — b. In the language of congruences, we have a = b (mod n). 
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Example 4.1. Because the integers —56 and —11 can be expressed in the form 
—56 = (-7)9 +7 —l1 =(—2)94+7 


with the same remainder 7, Theorem 4.1 tells us that —56 = —11 (mod 9). Going in 
the other direction, the congruence —31 = 11 (mod 7) implies that —31 and 11 have 
the same remainder when divided by 7; this is clear from the relations 


—31 =(-5)7+4 l1l=1-7+4 


Congruence may be viewed as a generalized form of equality, in the sense that 
its behavior with respect to addition and multiplication is reminiscent of ordinary 
equality. Some of the elementary properties of equality that carry over to congruences 
appear in the next theorem. 


Theorem 4.2. Letn > 1 be fixed anda, b, c, d be arbitrary integers. Then the following 
properties hold: 


(a) a =a (modn). 

(b) Ifa = b (mod n), then b = a (mod n). 

(c) Ifa = b (mod n) and b = c (mod n), then a = c (mod n). 

(d) If a=b (modn) and c=d (modn), then a+c=b+d (modn) and ac = 
bd (mod n). 

(ce) Ifa =b (mod n), thena +c =b+c (mod n) and ac = be (mod n). 

(f) If a = b (mod n), then a‘ = D* (mod n) for any positive integer k. 


Proof. For any integer a, we have a—a=0O0-n, so that a=a (modn). Now if 
a = b (mod n), then a — b = kn for some integer k. Hence, b — a = —(kn) = (—k)n 
and because —k is an integer, this yields property (b). 

Property (c) is slightly less obvious: Suppose that a = b (mod n) and also b = 
c (mod n). Then there exist integers h and k satisfying a — b = hn and b — c = kn. It 
follows that 


a—c=(a-—b)+(b-—c)=hn+kn=(h+k)n 


which is a = c (mod 7) in congruence notation. 

In the same vein, if a = b (mod n) and c = d (mod n), then we are assured that 
a —b=k,n and c — d = kpn for some choice of k; and kz. Adding these equations, 
we obtain 


(a+c)—(b+d)=(a—b)+(c—d) 
=kjn+kon = (ki +ko)n 


or, aS a congruence statement, a + c = b+d (mod n). As regards the second assertion 
of property (d), note that 


ac =(b+kin)(d + kon) = bd + (bk2 + dky + ky kan)n 


Because bk2 + dk, + k,k2n is an integer, this says that ac — bd is divisible by n, 
whence ac = bd (mod n). 

The proof of property (e) is covered by (d) and the fact that c = c (mod n). Finally, 
we obtain property (f) by making an induction argument. The statement certainly 
holds for k = 1, and we will assume it is true for some fixed k. From (d), we know 
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that a = b (mod n) and a‘ = b* (mod n) together imply that aa* = bb* (mod n), or 
equivalently a+! = b**! (mod n). This is the form the statement should take for k + 1, 
and so the induction step is complete. 


Before going further, we should illustrate that congruences can be a great help 
in carrying out certain types of computations. 


Example 4.2. Let us endeavor to show that 41 divides 27° — 1. We begin by noting 


that 2? = —9 (mod 41), whence (2°)* = (—9)* (mod 41) by Theorem 4.2(f); in other 
words, 27 = 81 - 81 (mod 41). But 81 = —1 (mod 41), and so 81 - 81 = 1 (mod 41). 
Using parts (b) and (e) of Theorem 4.2, we finally arrive at 


97] = 81-81 = 1 =1=—1 =0 mod 4)) 
Thus, 41 | 22° — 1, as desired. 


Example 4.3. For another example in the same spirit, suppose that we are asked to 
find the remainder obtained upon dividing the sum 


114+ 2!43!4+4!+---+9914 100! 


by 12. Without the aid of congruences this would be an awesome calculation. The 
observation that starts us off is that 4! = 24 = 0 (mod 12); thus, for k > 4, 


kK! =4!-5-6---k =0-5-6---k =0 (mod 12) 
In this way, we find that 
I!4+2!4+3!+4+4!+---+4 100! 
= 1!4+2!43!+04+-:--+0=9 (mod 12) 


Accordingly, the sum in question leaves a remainder of 9 when divided by 12. 


In Theorem 4.1 we saw that if a = b (mod n), then ca = cb (mod n) for any 
integer c. The converse, however, fails to hold. As an example, perhaps as simple 
as any, note that 2 - 4 = 2 - 1 (mod 6), whereas 4 ¥ 1 (mod 6). In brief: One cannot 
unrestrictedly cancel a common factor in the arithmetic of congruences. 

With suitable precautions, cancellation can be allowed; one step in this direction, 
and an important one, is provided by the following theorem. 


Theorem 4.3. If ca = cb (mod n), then a = b (mod n/d), where d = gcd(c,n). 


Proof. By hypothesis, we can write 
c(a —b)=ca—cb=kn 


for some integer k. Knowing that gcd(c ,n) = d, there exist relatively prime integers 
r and s satisfying c = dr, n = ds. When these values are substituted in the displayed 
equation and the common factor d canceled, the net result is 


r(a—b)=ks 


Hence, s | r(a — b) and gcd(r , s) = 1. Euclid’s lemma yields s | a — b, which may be 
recast as a = b (mod s); in other words, a = b (mod n/d). 
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Theorem 4.3 gets its maximum force when the requirement that gcd(c ,n) = 1 is 
added, for then the cancellation may be accomplished without a change in modulus. 


Corollary 1. If ca = cb (mod n) and ged(c ,n) = 1, then a = b (mod n). 


We take a moment to record a special case of Corollary 1 that we shall have 
frequent occasion to use, namely, Corollary 2. 


Corollary 2. If ca =cb (mod p) and p } c, where p is a prime number, then 
a = b (mod p). 


Proof. The conditions p jc and p a prime imply that gcd(c, p) = 1. 


Example 4.4. Consider the congruence 33 = 15 (mod 9) or, if one prefers, 3-11 = 
3-5 (mod 9). Because gced(3 , 9) = 3, Theorem 4.3 leads to the conclusion that 11 = 
5 (mod 3). A further illustration is given by the congruence —35 = 45 (mod 8), which 
is the same as 5 - (—7) = 5-9 (mod 8). The integers 5 and 8 being relatively prime, 
we may cancel the factor 5 to obtain a correct congruence —7 = 9 (mod 8). 


Let us call attention to the fact that, in Theorem 4.3, it is unnecessary to stipulate 
that c 4 0 (mod n). Indeed, if c = 0 (mod n), then gcd(c , n) = n and the conclusion 
of the theorem would state that a = b (mod 1); but, as we remarked earlier, this holds 
trivially for all integers a and b. 

There is another curious situation that can arise with congruences: The product 
of two integers, neither of which is congruent to zero, may turn out to be congruent to 
zero. For instance, 4 - 3 = 0 (mod 12), but4 4 0(mod 12) and3 4 O(mod 12). Itisa 
simple matter to show thatifab = 0 (mod n) and gcd(a ,n) = 1, thenb = 0 (mod n): 
Corollary 1 permits us legitimately to cancel the factor a from both sides of the 
congruence ab = a-0O (mod nn). A variation on this is that when ab = 0 (mod p), 
with p a prime, then either a = 0 (mod p) or b = 0 (mod p). 


PROBLEMS 4.2 


1. Prove each of the following assertions: 
(a) Ifa = b (modn) and m |n, then a = b (modm). 
(b) If a = b (mod n) andc > 0, then ca = cb (mod cn). 
(c) If a= b (mod n) and the integers a, b, n are all divisible by d > 0, then a/d = 
b/d (mod n/d). 
2. Give an example to show that a 
(mod n). 
3. If a = b (mod n), prove that gcd(a ,n) = gcd(b,n). 
4. (a) Find the remainders when 2°° and 41® are divided by 7. 
(b) What is the remainder when the following sum is divided by 4? 


[PA ae a2 0 100° 


*=b* (modn) need not imply that a=b 


5. Prove that the integer 53! + 103°? is divisible by 39, and that 111733 + 333!!! is divis- 
ible by 7. 
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11. 
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14. 


15. 
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17. 
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For n > 1, use congruence theory to establish each of the following divisibility state- 
ments: 

@)-7 |S 322". 

(b) 13 | ant2 ae gent 

(c) 7 | qsn+l is 5nt2. 

(d) A3 | 67+2 =e qant1 

For n > 1, show that 


(—13)""! = (—13)” + (—13)""! (mod 181) 


[Hint: Notice that (—13)? = —13 + 1 (mod 181); use induction on n.] 
Prove the assertions below: 

(a) If a is an odd integer, then a” = 1 (mod 8). 

(b) For any integer a, a? = 0, 1, or 6 (mod 7). 

(c) For any integer a, at = 0 or 1 (mod 5). 

(d) If the integer a is not divisible by 2 or 3, then a? = 1 (mod 24). 

If p is a prime satisfying n < p < 2n, show that 


be = () (mod p) 


n 
If a), d2,..., A, 1S a complete set of residues modulo n and gcd(a, n) = 1, prove that 
ada\, Adz, ..., AA, iS also a complete set of residues modulo n. 


[Hint: It suffices to show that the numbers in question are incongruent modulo 
n.| 

Verify that 0, 1, 2,27, 2?,...,2? form a complete set of residues modulo 11, but that 
0, 17, 27, 37,..., 107 do not. 

Prove the following statements: 

(a) If gcd(a ,n) = 1, then the integers 


c,cta,c+2a,c+3a,...,c+(n—la 


form a complete set of residues modulo n for any c. 
(b) Any 7 consecutive integers form a complete set of residues modulo n. 

[Hint: Use part (a).] 
(c) The product of any set of n consecutive integers is divisible by n. 
Verify that if a = b (mod n,) anda = b (mod nz), then a = b (mod n), where the integer 
n = Iem(n, , n2). Hence, whenever n,; and nz are relatively prime, a = b (mod n,n2). 
Give an example to show that a* = b* (mod n) and k = j (mod n) need not imply that 
a! = b/ (mod n). 
Establish that if a is an odd integer, then for any n > 1 


a” = 1 (mod 2"**) 


[Hint: Proceed by induction on n.] 
Use the theory of congruences to verify that 


89|24%-—1 and 97|2%-1 


Prove that whenever ab = cd (mod n) and b =d (mod n), with gcd(b,n) = 1, then 
a=c(modn). 

If a = b (mod n;) and a = c (mod nj), prove that b = c (mod n), where the integer n = 
gcd(n, ’ N2). 
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4.3 BINARY AND DECIMAL REPRESENTATIONS OF INTEGERS 


One of the more interesting applications of congruence theory involves finding 
special criteria under which a given integer is divisible by another integer. At their 
heart, these divisibility tests depend on the notational system used to assign “names” 
to integers and, more particularly, to the fact that 10 is taken as the base for our number 
system. Let us, therefore, start by showing that, given an integer b > 1, any positive 
integer N can be written uniquely in terms of powers of b as 


NS bay aoa Sap a 


where the coefficients a, can take on the b different values 0, 1, 2,...,b — 1. For 
the Division Algorithm yields integers g; and do satisfying 


N=q\b+ a O<a,<b 
If gq; = b, we can divide once more, obtaining 
g1=qbt+a, O<a, <b 
Now substitute for g; in the earlier equation to get 
N = (qob + a1)b + ay = qnb* + ayb + ag 


As long as g2 > b, we can continue in the same fashion. Going one more step: 
g2 = q3b + ao, where 0 < ap < b; hence 


N= q3b° + ayb* +a,jb+ao 


Because N > qi > q2 > --- > 01s a Strictly decreasing sequence of integers, this 
process must eventually terminate, say, at the (m — 1)th stage, where 


Fm—1 = Gm0 + Gm—1 O<an_1 <b 
and 0 < gdm < b. Setting dm = dm, we reach the representation 
N =dmb™ + dmb” | +--+ + a,b + ao 
which was our aim. 
To show uniqueness, let us suppose that N has two distinct representations, say, 
N =4mb" +---+ajb+ a) =Cmb” +---+c1b+ co 


with 0 < a; < b for each i and 0 < c; < b for each j (we can use the same m by 
simply adding terms with coefficients a; = 0 or c; = 0, if necessary). Subtracting 
the second representation from the first gives the equation 

O=dyb" +---+d\b+dp 


where d; = a; — c; fori = 0,1,...,m. Because the two representations for N are 
assumed to be different, we must have d; 4 O for some value of i. Take k to be the 
smallest subscript for which d, ~ 0. Then 


O = dmb™ + +++ + dyyib**! + dpb! 
and so, after dividing by b*, 
de bd OO eet aa) 
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This tells us that b | d,. Now the inequalities 0 < aq, < band O < cx, < b lead us to 
—b < ay — cy < b, or |d| < b. The only way of reconciling the conditions b | d; 
and | d, | < b is to have d, = 0, which is impossible. From this contradiction, we 
conclude that the representation of N is unique. 

The essential feature in all of this is that the integer N is completely determined 
by the ordered array dy, Gm—1, .-.-, 4, Ao of coefficients, with the plus signs and the 
powers of b being superfluous. Thus, the number 


N = dmb” + amo" | + +--+ ab? +a;b + ao 
may be replaced by the simpler symbol 
N = (AmQm—1 *** 42410 )p 


(the right-hand side is not to be interpreted as a product, but only as an abbreviation 
for NV). We call this the base b place-value notation for N. 

Small values of b give rise to lengthy representation of numbers, but have the 
advantage of requiring fewer choices for coefficients. The simplest case occurs when 
the base b = 2, and the resulting system of enumeration is called the binary number 
system (from the Latin binarius, two). The fact that when a number is written in the 
binary system only the integers 0 and 1 can appear as coefficients means that every 
positive integer is expressible in exactly one way as a sum of distinct powers of 2. 
For example, the integer 105 can be written as 


105: 1224 2D 0 1 2 a 022 0 1 
— 27649949341 


or, in abbreviated form, 
105 = (1101001), 
In the other direction, (1001111), translates into 
1-2°+0-2°+0-2441-2?41-2?+1-24+1=79 


The binary system is most convenient for use in modern electronic computing ma- 
chines, because binary numbers are represented by strings of zeros and ones; 0 and 
1 can be expressed in the machine by a switch (or a similar electronic device) being 
either on or off. 

We shall frequently wish to calculate the value of a* (mod n) when k is large. 
Is there a more efficient way of obtaining the least positive residue than multiplying 
a by itself k times before reducing modulo n? One such procedure, called the binary 
exponential algorithm, relies on successive squarings, with a reduction modulo n 
after each squaring. More specifically, the exponent k is written in binary form, as 
k = (AmQm_| ...€219)2, and the values a*’ (mod n) are calculated for the powers 
of 2, which correspond to the 1’s in the binary representation. These partial results 
are then multiplied together to give the final answer. 

An illustration should make this process clear. 
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Example 4.5. To calculate 5!!° (mod 131), first note that the exponent 110 can be 
expressed in binary form as 


110 = 644+ 324+84+442= (110110). 


Thus, we obtain the powers 5” (mod 131) for 0 < j <6 by repeatedly squaring while 
at each stage reducing each result modulo 131: 


5f 25 (mod 131) 5'©= 27 (mod 131) 
54=101 (mod 131) 5°? = 74 (mod 131) 
5§ = 114 (mod 131) 5% = 105 (mod 131) 


When the appropriate partial results—those corresponding to the 1’s in the binary 
expansion of 110—are multiplied, we see that 


5110 _ 504432484442 
— 564 , 532.58. 54.52 
= 105-74-114-101-25=60 (mod 131) 


As aminor variation of the procedure, one might calculate, modulo 131, the powers 
5.5593 30 0 a toameat 


5110 _ 596 512 52 —41.117-25=60 (mod131) 


which would require two fewer multiplications. 


We ordinarily record numbers in the decimal system of notation, where b = 10, 
omitting the 10-subscript that specifies the base. For instance, the symbol 1492 
stands for the more awkward expression 


1-10°+4-10°+9-10+2 


The integers 1, 4, 9, and 2 are called the digits of the given number, 1 being the 
thousands digit, 4 the hundreds digit, 9 the tens digit, and 2 the units digit. In 
technical language we refer to the representation of the positive integers as sums of 
powers of 10, with coefficients at most 9, as their decimal representation (from the 
Latin decem, ten). 

We are about ready to derive criteria for determining whether an integer is 
divisible by 9 or 11, without performing the actual division. For this, we need a result 
having to do with congruences involving polynomials with integral coefficients. 


Theorem 4.4. Let P(x) = )-y_) Cex“ be a polynomial function of x with integral 
coefficients c,. If a = b (mod n), then P(a) = P(b) (mod n). 


Proof. Because a =b (modn), part (f) of Theorem 4.2 can be applied to give 
k = b* (modn) fork = 0,1,...,m. Therefore, 
c.ak = cy. b* (mod n) 


for all such k. Adding these m + 1 congruences, we conclude that 


>» Ca” = 3 c,b* (mod n) 
k=0 k=0 


or, in different notation, P(a) = P(b) (mod n). 
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If P(x) is a polynomial with integral coefficients, we say that a is a solution of 
the congruence P(x) = 0 (mod n) if P(a) = 0 (mod n). 


Corollary. If a is a solution of P(x) = 0 (mod n) and a = b (mod n), then b also is a 
solution. 


Proof. From the last theorem, it is known that P(a) = P(b) (mod n). Hence, if a is a 
solution of P(x) = 0 (mod n), then P(b) = P(a) = 0 (mod n), making bD a solution. 


One divisibility test that we have in mind is this. A positive integer is divisible 
by 9 if and only if the sum of the digits in its decimal representation is divisible by 9. 


Theorem 4.5. Let N = a,,10” + d»_,10"~! +---+.a,10+ apo be the decimal ex- 
pansion of the positive integer V, 0 < a, < 10, and let S = a9 +: aj +---+ ay. Then 
9 | N if and only if 9| S. 


Proof. Consider P(x) = )~7.-9 ax“, a polynomial with integral coefficients. The key 
observation is that 10 = 1 (mod 9), whence by Theorem 4.4, P(10) = P(1) (mod 9). 
But P(10) = N and P(1) = ap +a, +--- +a, = S, so that N = S (mod 9). It fol- 
lows that N = 0 (mod 9) if and only if S = 0 (mod 9), which is what we wanted to 
prove. 


Theorem 4.4 also serves as the basis for a well-known test for divisibility by 11: 
an integer is divisible by 11 if and only if the alternating sum of its digits is divisible 
by 11. We state this more precisely by Theorem 4.6. 


Theorem 4.6. Let N = a,,10" + a,_,10"~! +---+.a,10+ ap be the decimal ex- 
pansion of the positive integer N,O < a, < 10, and let T=ajp—a,+a)-—--:- 
+ (—1)”a,. Then 11| N if and only if 11|T. 


Proof. As in the proof of Theorem 4.5, put P(x) = 775 a,.x*. Because 10 = —1 
(mod 11), we get P(10) = P(—1) (mod 11). But P(10) = N, whereas P(—1) = 
ag — a, +a). —---+(—1)"ay = T, 80 that N = T (mod 11). The implication is that 
either both N and T are divisible by 11 or neither is divisible by 11. 


Example 4.6. To see an illustration of the last two results, take the integer N = 
1,571,724. Because the sum 


14+5354+7414+7424+4=27 


is divisible by 9, Theorem 4.5 guarantees that 9 divides N. It also can be divided by 
11; for, the alternating sum 


4—-247-147-54+1=11 
is divisible by 11. 


Congruence theory is frequently used to append an extra check digit to iden- 
tification numbers, in order to recognize transmission errors or forgeries. Personal 
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identification numbers of some kind appear on passports, credit cards, bank accounts, 
and a variety of other settings. 

Some banks use an eight-digit identification number a,a2...ag together with 
a final check digit a9. The check digit is usually obtained by multiplying the digits 
aj(1 <i < 8) by certain “weights” and calculating the sum of the weighted products 
modulo 10. For instance, the check digit might be chosen to satisfy 


ag = Ta, + 3a. + 9a3 + 7a4 + 3a5 + 9a6 + 7a7 + 3ag (mod 10) 
The identification number 81504216 would then have check digit 
dg =7-8+3-14+9-54+7-04+3-44+9-24+7-1+3-6=9 (mod 10) 


so that 815042169 would be printed on the check. 

This weighting scheme for assigning check digits detects any single-digit error 
in the identification number. For suppose that the digit a; is replaced by a different 
a:. By the manner in which the check digit is calculated, the difference between the 
correct dg and the new ag is 


dy — dg = k(a; — a;) (mod 10) 


where k is 7, 3, or 9 depending on the position of a;. Because k(a; — a;) # 0(mod 10), 
it follows that ag # ag and the error is apparent. Thus, if the valid number 81504216 
were incorrectly entered as 81504316 into a computer programmed to calculate 
check digits, an 8 would come up rather than the expected 9. 

The modulo 10 approach is not entirely effective, for it does not always detect 
the common error of transposing distinct adjacent entries a and b within the string 
of digits. To illustrate: the identification numbers 81504216 and 81504261 have 
the same check digit 9 when our example weights are used. (The problem occurs 
when |a — b| = 5.) More sophisticated methods are available, with larger moduli 
and different weights, that would prevent this possible error. 


PROBLEMS 4.3 


1. Use the binary exponentiation algorithm to compute both 19°? (mod 503) and 14147 
(mod 1537). 

2. Prove the following statements: 
(a) For any integer a, the units digit of a’ is 0, 1, 4, 5, 6, or 9. 
(b) Any one of the integers 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 can occur as the units digit of a°. 
(c) For any integer a, the units digit of a* is 0, 1, 5, or 6. 
(d) The units digit of a triangular number is 0, 1, 3, 5, 6, or 8. 

3. Find the last two digits of the number 9°’. 
(Hint: 99 =9 (mod 10); hence, 9° = 99+!%: now use the fact that 99 = 89(mod 
100).] 

4. Without performing the divisions, determine whether the integers 176,521,221 and 
149,235,678 are divisible by 9 or 11. 

5. (a) Obtain the following generalization of Theorem 4.6: If the integer N is represented 

in the base b by 


N =a,b" +--+ ab? +a;b+a@ O<a<b-1 
then b — 1| N if and only if b — 1| (ay +---+a.+ a; +a). 
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(b) Give criteria for the divisibility of N by 3 and 8 that depend on the digits of N when 
written in the base 9. 

(c) Is the integer (447836) divisible by 3 and 8? 

Working modulo 9 or 11, find the missing digits in the calculations below: 

(a) 51840 - 273581 = 1418243x040. 

(b) 2x99561 = [3(523 + x)]’. 

(c) 2784x = x - 5569. 

(d) 512 - 1x53125 = 1000000000. 

Establish the following divisibility criteria: 

(a) An integer is divisible by 2 if and only if its units digit is 0, 2, 4, 6, or 8. 

(b) An integer is divisible by 3 if and only if the sum of its digits is divisible by 3. 

(c) An integer is divisible by 4 if and only if the number formed by its tens and units 
digits is divisible by 4. 
(Hint: 10 = 0 (mod 4) for k > 2.] 

(d) An integer is divisible by 5 if and only if its units digit is 0 or 5. 

For any integer a, show that a* —a-+7ends in one of the digits 3, 7, or 9. 

Find the remainder when 44444 is divided by 9. 

(Hint: Observe that 2? = —1 (mod 9).] 


. Prove that no integer whose digits add up to 15 can be a square or a cube. 


[Hint: For any a, a> = 0, 1, or 8 (mod 9).] 


. Assuming that 495 divides 273x49y5, obtain the digits x and y. 
. Determine the last three digits of the number 7””’. 


[Hint: 7” = (1 + 400)” = 1 + 400n (mod 1000).] 


. If t, denotes the nth triangular number, show that t,42, = t, (mod k); hence, t, and ty,+29 


must have the same last digit. 


. For any n > 1, prove that there exists a prime with at least n of its digits equal to 0. 


[Hint: Consider the arithmetic progression 10°*'k +1 fork =1,2,....] 


. Find the values of n > 1 for which 1! + 2!+ 3!+----+n! is a perfect square. 


[Hint: Problem 2(a).] 

Show that 2” divides an integer N if and only if 2” divides the number made up of the 
last n digits of N. 

[Hint: 10 = 2*5* = 0 (mod 2") fork > n.] 

Let N = a,10” + ---+ a 107 + a,10 + ao, where 0 < a, < 9, be the decimal expan- 
sion of a positive integer N. 

(a) Prove that 7, 11, and 13 all divide N if and only if 7, 11, and 13 divide the integer 


M = (100a2 + 10a; + ao) — (100a5 + 10a, + a3) 
+ (100ag + 10a7 + a6) —-::: 


[Hint: If n is even, then 10°" = 1, 10°”*! = 10, 10°”*? = 100 (mod 1001); if n is 
odd, then 10°” = —1, 10°"+! = —10, 10°"*? = —100 (mod 1001).] 
(b) Prove that 6 divides N if and only if 6 divides the integer 


M =a) + 4a; + 4a. +--+ +4an 


Without performing the divisions, determine whether the integer 1010908899 is divisible 

by 7, 11, and 13. 

(a) Given an integer N, let M be the integer formed by reversing the order of the digits 
of N (for example, if N = 6923, then M = 3296). Verify that N — M is divisible 
by 9. 
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21. 


22. 
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(b) A palindrome is a number that reads the same backwards as forwards (for instance, 
373 and 521125 are palindromes). Prove that any palindrome with an even number 
of digits is divisible by 11. 
Given a repunit R,, show that 
(a) 9| R,, if and only if 9 | n. 
(b) 11|R, if and only if n is even. 
Factor the repunit Rg = 111111 into a product of primes. 
[Hint: Problem 17(a).] 
Explain why the following curious calculations hold: 
1-94 2=11 
12-94 3=111 
123-9+ 4=1111 
1234-94 5= 11111 
12345-9+ 6=111111 
123456-94+ 7= 1111111 
1234567-9+ 8= 11111111 
12345678 -9+ 9=111111111 


123456789 -9+4 10 = 1111111111 

[Hint: Show that 
(107-1 +.2- 107-2 4+. 3 -10"-3 +.--.+n)(10 — 1) 
19"1+! pea | 
5 

An old and somewhat illegible invoice shows that 72 canned hams were purchased for 
$x 67.9y. Find the missing digits. 
If 792 divides the integer 13x y 45z, find the digits x, y, and z. 
[Hint: By Problem 17, 8 | 45z.] 
For any prime p > 3 prove that 13 divides 107? — 10? + 1. 
Consider the eight-digit bank identification number a ,a2 ...ag, which is followed by a 
ninth check digit ag chosen to satisfy the congruence 


ay = 7a, + 3a2 + Yaz + 7a4 + 3a5 + 9ag + 7a7 + 3ag (mod 10) 


(a) Obtain the check digits that should be appended to the two numbers 55382006 and 
81372439. 

(b) The bank identification number 237a4 18538 has an illegible fourth digit. Determine 
the value of the obscured digit. 

The International Standard Book Number (ISBN) used in many libraries consists of nine 

digits a|daz ...dg followed by a tenth check digit ajo, which satisfies 

9 


Hat l= 


a= ka, (mod 11) 
k=1 
Determine whether each of the ISBNs below is correct: 
(a) 0-07-232569-0 (United States). 
(b) 91-7643-497-5 (Sweden). 
(c) 1-56947-303-10 (England). 
When printing the ISBN aj,a2...a9, two unequal digits were transposed. Show that the 
check digits detected this error. 
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4.4 LINEAR CONGRUENCES AND THE CHINESE 
REMAINDER THEOREM 


This is a convenient place in our development of number theory at which to inves- 
tigate the theory of linear congruences: An equation of the form ax = b (mod n) 
is called a linear congruence, and by a solution of such an equation we mean an 
integer x9 for which axp = b (mod n). By definition, axo = b (mod n) if and only 
if n | axo — b or, what amounts to the same thing, if and only if axo — b = nyo for 
some integer yo. Thus, the problem of finding all integers that will satisfy the lin- 
ear congruence ax = b (mod n) is identical with that of obtaining all solutions of 
the linear Diophantine equation ax — ny = b. This allows us to bring the results of 
Chapter 2 into play. 

It is convenient to treat two solutions of ax = b (mod n) that are congruent 
modulo n as being “equal” even though they are not equal in the usual sense. For 
instance, x = 3 and x = —9 both satisfy the congruence 3x = 9 (mod 12); because 

= —9(mod 12), they are not counted as different solutions. In short: When we refer 
to the number of solutions of ax = b (mod n), we mean the number of incongruent 
integers Satisfying this congruence. 

With these remarks in mind, the principal result is easy to state. 


Theorem 4.7. The linear congruence ax = b (mod n) has a solution if and only if d | b, 
where d = gcd(a,n). If d |b, then it has d mutually incongruent solutions modulo n. 


Proof. We already have observed that the given congruence is equivalent to the linear 
Diophantine equation ax — ny = b. From Theorem 2.9, it is known that the latter 
equation can be solved if and only if d | b; moreover, if it is solvable and x9, yo is one 
specific solution, then any other solution has the form 


he ve 
X=Xo+ = = + — 
0 y = Yo 


for some choice of ft. 
Among the various integers satisfying the first of these formulas, consider those 


that occur when ¢t takes on the successive values t = 0,1,2,...,d—1: 
ie n 2 2n n (d —1)n 
Xo, —,x —,...,X oe 
0, X0 Be 0 7 


We claim that these integers are incongruent modulo n, and all other such integers x 
are congruent to some one of them. If it happened that 


ae ae ee 
+ —t) =xo + <b (m 

XO d 1 XO d a) od ht 
where 0 < ft; < t2 < d — 1, then we would have 


j= God wy 
—_— 1. —_— =— nh 
as Pas 


Now gcd(n/d,n) = n/d, and therefore by Theorem 4.3 the factor n/d could be can- 
celed to arrive at the congruence 


t) = to (mod d) 
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which is to say that d|t. —t,. But this is impossible in view of the inequality 
O<t—t, <d. 

It remains to argue that any other solution x9 + (n/d)t is congruent modulo n to 
one of the d integers listed above. The Division Algorithm permits us to write t as 
t =qd+r, where 0 <r <d— 1. Hence 


n nh 
Ad 0 haat) 
= nh 
Ue oes 


=Xo+ or (mod n) 


with x9 + (n/d)r being one of our d selected solutions. This ends the proof. 


The argument that we gave in Theorem 4.7 brings out a point worth stating ex- 
plicitly: If xo is any solution of ax = b (mod n), then thed = gcd(a,n) incongruent 
solutions are given by 


n n nN 
x0,%9 + 5,x0+2(5),.--.20+d—1) (5) 


For the reader’s convenience, let us also record the form Theorem 4.7 takes in 
the special case in which a and n are assumed to be relatively prime. 


Corollary. If gcd(a ,n) = 1, then the linear congruence ax = b (mod n) has a unique 
solution modulo n. 


Given relatively prime integers a and n, the congruence ax = 1 (mod n) has a 
unique solution. This solution is sometimes called the (multiplicative) inverse of a 
modulo n. 

We now pause to look at two concrete examples. 


Example 4.7. First consider the linear congruence 18x = 30 (mod 42). Because 
gcd(18, 42) = 6 and 6 surely divides 30, Theorem 4.7 guarantees the existence of 
exactly six solutions, which are incongruent modulo 42. By inspection, one solution 
is found to be x = 4. Our analysis tells us that the six solutions are as follows: 


x =44 (42/6)t = 44 7t (mod 42) ie Oe cere) 
or, plainly enumerated, 


x = 4, 11, 18, 25, 32, 39 (mod 42) 


Example 4.8. Let us solve the linear congruence 9x = 21 (mod 30). At the outset, 
because gcd(9 , 30) = 3 and 3|21, we know that there must be three incongruent 
solutions. 

One way to find these solutions is to divide the given congruence through by 
3, thereby replacing it by the equivalent congruence 3x = 7 (mod 10). The relative 
primeness of 3 and 10 implies that the latter congruence admits a unique solution 
modulo 10. Although it is not the most efficient method, we could test the integers 
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0,1, 2,...,9 in turn until the solution is obtained. A better way is this: Multiply both 
sides of the congruence 3x = 7 (mod 10) by 7 to get 


21x = 49 (mod 10) 


which reduces to x = 9 (mod 10). (This simplification is no accident, for the multiples 
0-3, 1-3, 2-3,...,9-3 form a complete set of residues modulo 10; hence, one 
of them is necessarily congruent to 1 modulo 10.) But the original congruence was 
given modulo 30, so that its incongruent solutions are sought among the integers 0, 1, 
2,..., 29. Taking t = 0, 1, 2, in the formula 


x =94+4 10t 
we obtain 9, 19, 29, whence 
x = 9 (mod 30) x = 19 (mod 30) = 29 (mod 30) 


are the required three solutions of 9x = 21 (mod 30). 

A different approach to the problem is to use the method that is suggested in the 
proof of Theorem 4.7. Because the congruence 9x = 21(mod 30) is equivalent to the 
linear Diophantine equation 


9x — 30y = 21 


we begin by expressing 3 = gcd(9,, 30) as a linear combination of 9 and 30. It is found, 
either by inspection or by using the Euclidean Algorithm, that 3 = 9(—3) + 30- 1, so 
that 


21 =7-3 = 9-21) — 30(-7) 


Thus, x = —21, y = —7 satisfy the Diophantine equation and, in consequence, all 
solutions of the congruence in question are to be found from the formula 


x = —21 + 30/3)t = —21 + 10¢ 


The integers x = —21 + 10t, where t = 0, 1, 2, are incongruent modulo 30 (but all are 
congruent modulo 10); thus, we end up with the incongruent solutions 


= —21 (mod 30) = —11 (mod 30) = —1 (mod 30) 


or, if one prefers positive numbers, x = 9, 19, 29 (mod 30). 


Having considered a single linear congruence, it is natural to turn to the problem 


of solving a system of simultaneous linear congruences: 


a,x = b; (mod m)), aox = bp (mod m2), ...,a-x = b; (mod m,) 


We shall assume that the moduli m, are relatively prime in pairs. Evidently, the 


System will admit no solution unless each individual congruence is solvable; that 


is, unless d; |b, for each k, where d, = gcd(a;,, m;). When these conditions are 


satisfied, the factor d, can be canceled in the kth congruence to produce a new 
system having the same set of solutions as the original one: 


a,x =D (mod n;), a,x = b, (mod np), ..., a,x =b. (mod n,) 
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where ny = mg/d, and gcd(n; ,n;) = 1 fori ¢ j; in addition, gcd(a; , n;) = 1. The 
solutions of the individual congruences assume the form 


x =c, (mod nj), x = c2 (mod np), ..., x =c; (mod n,) 


Thus, the problem is reduced to one of finding a simultaneous solution of a system 
of congruences of this simpler type. 

The kind of problem that can be solved by simultaneous congruences has a 
long history, appearing in the Chinese literature as early as the 1st century A.D. 
Sun-Tsu asked: Find a number that leaves the remainders 2, 3, 2 when divided by 
3,5, 7, respectively. (Such mathematical puzzles are by no means confined to a single 
cultural sphere; indeed, the same problem occurs in the Jntroductio Arithmeticae 
of the Greek mathematician Nicomachus, circa 100 A.D.) In honor of their early 
contributions, the rule for obtaining a solution usually goes by the name of the 
Chinese Remainder Theorem. 


Theorem 4.8 Chinese Remainder Theorem. Letn,, 12, ...,n, be positive integers 
such that gced(n; ,n;) = 1 fori ~ 7. Then the system of linear congruences 


Xx=a, (mod n1) 


xX = a> (mod n2) 


x =a, (mod n,) 


has a simultaneous solution, which is unique modulo the integer njn2---n,. 


Proof. We start by forming the product n = njn2---n,. Foreachk = 1,2,...,r, let 
n 
Ng = — = 1 +++ Mg_-1Nk41 °° Nr 
Nk 


In words, Nx is the product of all the integers n; with the factor nz, omitted. By hy- 
pothesis, the n; are relatively prime in pairs, so that gcd( Nx , nx) = 1. According to the 
theory of a single linear congruence, it is therefore possible to solve the congruence 
Nyx = 1 (mod nx); call the unique solution x;,. Our aim is to prove that the integer 


X = a,N,x, + a2.N 0x2 +---+a,N,X; 


is a Simultaneous solution of the given system. 
First, observe that N; = 0 (mod n;) for i # k, because n; | N; in this case. The 
result is 
X =ayNix, +---+a,N,xX, = arNex~ (mod nx) 
But the integer x, was chosen to satisfy the congruence N;x = 1 (mod n,;), which 
forces 


xX =a,- 1 =a, (mod n,) 


This shows that a solution to the given system of congruences exists. 
As for the uniqueness assertion, suppose that x’ is any other integer that satisfies 
these congruences. Then 


80 


ELEMENTARY NUMBER THEORY 


and so nz |x —x’ for each value of k. Because gcd(n; ,n;) = 1, Corollary 2 to 
Theorem 2.4 supplies us with the crucial point that njn2---n,|x — x’; hence 
xX =x’ (mod n). With this, the Chinese Remainder Theorem is proven. 


Example 4.9. The problem posed by Sun-Tsu corresponds to the system of three 


congruences 
x = 2 (mod 3) 
x = 3 (mod 5) 
x = 2 (mod 7) 
In the notation of Theorem 4.8, we have n = 3-5-7 = 105 and 
n n n 
Ni = ~—- =35 No = = = 21 Nz = -—=15 
3 5 f 


Now the linear congruences 
35x = 1 (mod 3) 21x = 1 (mod 5) 15x = 1 (mod 7) 


are satisfied by x; = 2, x2 = 1, x3 = 1, respectively. Thus, a solution of the system is 
given by 


x=2-35-24+3-21-142-15-1=233 
Modulo 105, we get the unique solution x = 233 = 23 (mod 105). 


Example 4.10. For a second illustration, let us solve the linear congruence 
17x = 9 (mod 276) 


Because 276 = 3 - 4-23, this is equivalent to finding a solution for the system of 
congruences 


17x = 9 (mod 3) or = 0 (mod 3) 
17x = 9 (mod 4) x = 1 (mod 4) 
17x = 9 (mod 23) 17x = 9 (mod 23) 


Note that if x = 0 (mod 3), then x = 3k for any integer k. We substitute into the second 
congruence of the system and obtain 


3k = 1 (mod 4) 
Multiplication of both sides of this congruence by 3 gives us 
k = 9k = 3 (mod 4) 
so that k = 3 + 47, where / is an integer. Then 
x=334+4j7)=9412] 
For x to satisfy the last congruence, we must have 
17(9 + 127) = 9 (mod 23) 


or 204 7 = —144 (mod 23), which reduces to 37 = 6 (mod 23); in consequence, j = 2 
(mod 23). This yields 7 = 2 + 231, with ¢ an integer, whence 


x =94 122 4+ 23t) = 33 + 276t 
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All in all, x = 33 (mod 276) provides a solution to the system of congruences and, in 
turn, a solution to 17x = 9 (mod 276). 


We should say a few words about linear congruences in two variables; that is, 
congruences of the form 
ax + by =c (mod n) 
In analogy with Theorem 4.7, such a congruence has a solution if and only if 
gcd(a , b, n) divides c. The condition for solvability holds if either gcd(a ,n) = 1 or 
gcd(b, n) = 1. Say gcd(a,n) = 1. When the congruence is expressed as 
ax =c — by (mod n) 
the corollary to Theorem 4.7 guarantees a unique solution x for each of the 
n incongruent values of y. Take as a simple illustration 7x + 4y = 5 (mod 12), 
that would be treated as 7x = 5 — 4y (mod 12). Substitution of y = 5 (mod 12) 
gives 7x = —15 (mod 12); but this is equivalent to —5x = —15 (mod 12) so that 
= 3 (mod 12). It follows that x = 3 (mod 12), y = 5 (mod 12) is one of the 12 
incongruent solutions of 7x + 4y = 5 (mod 12). Another solution having the same 
value of x is x = 3 (mod 12), y = 8 (mod 12). 
The focus of our concern here is how to solve a system of two linear congruences 
in two variables with the same modulus. The proof of the coming theorem adopts 
the familiar procedure of eliminating one of the unknowns. 


Theorem 4.9. The system of linear congruences 
ax + by =r (mod n) 
cx + dy =s (mod n) 


has a unique solution modulo n whenever gcd(ad — bc ,n) = 1. 


Proof. Let us multiply the first congruence of the system by d, the second congruence 
by b, and subtract the lower result from the upper. These calculations yield 


(ad — bc)x = dr — bs (mod n) (1) 
The assumption gcd(ad — bc ,n) = 1 ensures that the congruence 
(ad — bc)z = 1 (mod n) 


posseses a unique solution; denote the solution by t. When congruence (1) is multiplied 
by t, we obtain 


x =t(dr — bs) (mod n) 


A value for y is found by a similar elimination process. That is, multiply the first 
congruence of the system by c, the second one by a, and subtract to end up with 


(ad — bc)y = as — cr (mod n) (2) 
Multiplication of this congruence by t leads to 
y = t(as — cr) (modn) 


A solution of the system is now established. 


We close this section with an example illustrating Theorem 4.9. 
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Example 4.11. Consider the system 
7x + 3y = 10 (mod 16) 
2x +S5y = 9 (mod 16) 


Because gcd(7 -5 — 2-3, 16) = gcd(29, 16) = 1, a solution exists. It is obtained by 
the method developed in the proof of Theorem 4.9. Multiplying the first congruence 
by 5, the second one by 3, and subtracting, we arrive at 


29x =5-10—3-9 = 23 (mod 16) 


or, what is the same thing, 13x = 7 (mod 16). Multiplication of this congruence by 5 
(noting that 5 - 13 = 1 (mod 16)) produces x = 35 = 3 (mod 16). When the variable 
x 1s eliminated from the system of congruences in a like manner, it is found that 


29y =7-9—2-10 = 43 (mod 16) 


But then 13y = 11 (mod 16), which upon multiplication by 5, results in y =55 = 
7 (mod 16). The unique solution of our system turns out to be 


x = 3 (mod 16) y =7 (mod 16) 


PROBLEMS 4.4 


1. 


Solve the following linear congruences: 
(a) 25x = 15 (mod 29). 
(b) 5x = 2 (mod 26). 
(c) 6x = 15 (mod 21). 
(d) 36x = 8 (mod 102). 
(e) 34x = 60 (mod 98). 
(f) 140x = 133 (mod 301). 
[Hint: gcd(140 , 301) = 7.] 


. Using congruences, solve the Diophantine equations below: 


(a) 4x+5ly = 9. 
[Hint: 4x = 9 (mod 51) gives x = 15+ 51t, whereas 51y = 9 (mod 4) gives y = 
3 + 4s. Find the relation between s and f.] 

(b) 12x + 25y = 331. 

(c) 5x —53y = 17. 


. Find all solutions of the linear congruence 3x — 7y = 11 (mod 13). 
. Solve each of the following sets of simultaneous congruences: 


(a) x = 1 (mod 3), x = 2 (mod 5), x = 3 (mod 7). 

(b) x = 5 (mod 11), x = 14 (mod 29), x = 15 (mod 31). 

(c) x =5 (mod 6), x = 4 (mod 11), x = 3 (mod 17). 

(d) 2x = 1 (mod 5), 3x = 9 (mod 6), 4x = 1 (mod 7), 5x = 9 (mod 11). 


. Solve the linear congruence 17x = 3 (mod 2 -3 - 5 - 7) by solving the system 


17x = 3 (mod 2) 17x = 3 (mod 3) 
17x = 3 (mod 5) 17x = 3 (mod 7) 


. Find the smallest integer a > 2 such that 


2|a, 3|a4+1, 4la+2,5|a4+3,6|a+4 


10. 


11. 


12. 


13. 
14. 


15. 


16. 


17. 


18. 
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. (a) Obtain three consecutive integers, each having a square factor. 


[Hint: Find an integer a such that 27 |a, 37 |a+1,57|a+2.] 
(b) Obtain three consecutive integers, the first of which is divisible by a square, the 
second by a cube, and the third by a fourth power. 


. (Brahmagupta, 7th century A.D.) When eggs in a basket are removed 2, 3, 4,5, 6 ata 


time there remain, respectively, 1, 2, 3, 4, 5 eggs. When they are taken out 7 at a time, 
none are left over. Find the smallest number of eggs that could have been contained in 
the basket. 


. The basket-of-eggs problem is often phrased in the following form: One egg remains 


when the eggs are removed from the basket 2, 3, 4, 5, or 6 at a time; but, no eggs remain 
if they are removed 7 at a time. Find the smallest number of eggs that could have been 
in the basket. 

(Ancient Chinese Problem.) A band of 17 pirates stole a sack of gold coins. When they 
tried to divide the fortune into equal portions, 3 coins remained. In the ensuing brawl over 
who should get the extra coins, one pirate was killed. The wealth was redistributed, but 
this time an equal division left 10 coins. Again an argument developed in which another 
pirate was killed. But now the total fortune was evenly distributed among the survivors. 
What was the least number of coins that could have been stolen? 

Prove that the congruences 


x =a (mod n) and x = b (modm) 


admit a simultaneous solution if and only if gcd(n , m) | a — b; if a solution exists, confirm 
that it is unique modulo Icm(n , m). 
Use Problem 11 to show that the following system does not possess a solution: 


x = 5 (mod 6) and x =7 (mod 15) 


If x = a (mod n), prove that either x = a (mod 2n) or x = a +n (mod 2n). 

A certain integer between 1 and 1200 leaves the remainders 1, 2, 6 when divided by 9, 

11, 13, respectively. What is the integer? 

(a) Find an integer having the remainders 1, 2, 5, 5 when divided by 2, 3, 6, 12, respec- 
tively. (Yih-hing, died 717). 

(b) Find an integer having the remainders 2, 3, 4, 5 when divided by 3, 4, 5, 6, respectively. 
(Bhaskara, born 1114). 

(c) Find an integer having the remainders 3, 11, 15 when divided by 10, 13, 17, respec- 
tively. (Regiomontanus, 1436-1476). 

Let t, denote the nth triangular number. For which values of n does t, divide 


ttipet+e- +h 


[Hint: Because t? + t3 +--+ +1? = t,n? + 12n? + 13n + 2)/30, it suffices to deter- 
mine those n satisfying 3n? + 12n” + 13n + 2 =0 (mod 2-3 -5).] 
Find the solutions of the system of congruences: 
3x + 4y =5 (mod 13) 
2x + 5y =7 (mod 13) 
Obtain the two incongruent solutions modulo 210 of the system 
2x = 3 (mod 5) 
4x = 2 (mod 6) 
3x = 2 (mod 7) 
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19. Obtain the eight incongruent solutions of the linear congruence 3x + 4y = 5 (mod 8) 
20. Find the solutions of each of the following systems of congruences: 
(a) 5x+3y = 1 (mod 7) 
3x + 2y = 4 (mod 7). 
(b) 7x +3y = 6 (mod 11) 
4x +2y =9 (mod 11). 
(c) llx +5y =7 (mod 20) 
6x + 3y = 8 (mod 20). 


CHAPTER 


5 


FERMAT’S THEOREM 


And perhaps posterity will thank me for having shown it that the 
ancients did not know everything. 
P. DE FERMAT 


5.1 PIERRE DE FERMAT 


What the ancient world had known was largely forgotten during the intellectual 
torpor of the Dark Ages, and it was only after the 12th century that Western Europe 
again became conscious of mathematics. The revival of classical scholarship was 
Stimulated by Latin translations from the Greek and, more especially, from the 
Arabic. The Latinization of Arabic versions of Euclid’s great treatise, the Elements, 
first appeared in 1120. The translation was not a faithful rendering of the Elements, 
having suffered successive, inaccurate translations from the Greek—first into Arabic, 
then into Castilian, and finally into Latin—done by copyists not versed in the content 
of the work. Nevertheless, this much-used copy, with its accumulation of errors, 
served as the foundation of all editions known in Europe until 1505, when the Greek 
text was recovered. 

With the fall of Constantinople to the Turks in 1453, the Byzantine schol- 
ars who had served as the major custodians of mathematics brought the ancient 
masterpieces of Greek learning to the West. It is reported that a copy of what sur- 
vived of Diophantus’ Arithmetica was found in the Vatican library around 1462 by 
Johannes Miiller (better known as Regiomontanus from the Latin name of his native 
town, Konigsberg). Presumably, it had been brought to Rome by the refugees from 
Byzantium. Regiomontanus observed that “In these books the very flower of the 
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Pierre de Fermat 
(1601-1665) 


(David Eugene Smith Collection, Rare Book 
and Manuscript Library, Columbia University) 


whole of arithmetic lies hid,” and tried to interest others in translating it. Notwith- 
standing the attention that was called to the work, it remained practically a closed 
book until 1572 when the first translation and printed edition was brought out by 
the German professor Wilhelm Holzmann, who wrote under the Grecian form of 
his name, Xylander. The Avithmetica became fully accessible to European math- 
ematicians when Claude Bachet—borrowing liberally from Xylander—published 
(1621) the original Greek text, along with a Latin translation containing notes and 
comments. The Bachet edition probably has the distinction of being the work that 
first directed the attention of Fermat to the problems of number theory. 

Few if any periods were so fruitful for mathematics as was the 17th century; 
Northern Europe alone produced as many men of outstanding ability as had ap- 
peared during the preceding millennium. At a time when such names as Desargues, 
Descartes, Pascal, Wallis, Bernoulli, Leibniz, and Newton were becoming famous, a 
certain French civil servant, Pierre de Fermat (1601—1665), stood as an equal among 
these brilliant scholars. Fermat, the “Prince of Amateurs,” was the last great mathe- 
matician to pursue the subject as a sideline to a nonscientific career. By profession a 
lawyer and magistrate attached to the provincial parliament at Toulouse, he sought 
refuge from controversy in the abstraction of mathematics. Fermat evidently had no 
particular mathematical training and he evidenced no interest in its study until he 
was past 30; to him, it was merely a hobby to be cultivated in leisure time. Yet no 
practitioner of his day made greater discoveries or contributed more to the advance- 
ment of the discipline: one of the inventors of analytic geometry (the actual term was 
coined in the early 19th century), he laid the technical foundations of differential 
and integral calculus and, with Pascal, established the conceptual guidelines of the 
theory of probability. Fermat’s real love in mathematics was undoubtedly number 
theory, which he rescued from the realm of superstition and occultism where it had 
long been imprisoned. His contributions here overshadow all else; it may well be 
said that the revival of interest in the abstract side of number theory began with 
Fermat. 
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Fermat preferred the pleasure he derived from mathematical research itself to any 
reputation that it might bring him; indeed, he published only one major manuscript 
during his lifetime and that just 5 years before his death, using the concealing initials 
M.P.E.A.S. Adamantly refusing to put his work in finished form, he thwarted several 
efforts by others to make the results available in print under his name. In partial 
compensation for his lack of interest in publication, Fermat carried on a voluminous 
correspondence with contemporary mathematicians. Most of what little we know 
about his investigations is found in the letters to friends with whom he exchanged 
problems and to whom he reported his successes. They did their best to publicize 
Fermat’s talents by passing these letters from hand to hand or by making copies, 
which were dispatched over the Continent. 

As his parliamentary duties demanded an ever greater portion of his time, Fermat 
was given to inserting notes in the margin of whatever book he happened to be 
using. Fermat’s personal copy of the Bachet edition of Diophantus held in its margin 
many of his famous theorems in number theory. These were discovered by his son 
Samuel 5 years after Fermat’s death. His son brought out a new edition of the 
Arithmetica incorporating Fermat’s celebrated marginalia. Because there was little 
space available, Fermat’s habit had been to jot down some result and omit all steps 
leading to the conclusion. Posterity has wished many times that the margins of the 
Arithmetica had been wider or that Fermat had been a little less secretive about his 
methods. 


5.2.) FERMAT’S LITTLE THEOREM AND PSEUDOPRIMES 


The most significant of Fermat’s correspondents in number theory was Bernhard 
Frénicle de Bessy (1605-1675), an official at the French mint who was renowned for 
his gift of manipulating large numbers. (Frénicle’s facility in numerical calculation is 
revealed by the following incident: On hearing that Fermat had proposed the problem 
of finding cubes that when increased by their proper divisors become squares, as is the 
case with 7° + (1 + 7+ 7’) = 207, he immediately gave four different solutions, and 
supplied six more the next day.) Though in no way Fermat’s equal as a mathematician, 
Frénicle alone among his contemporaries could challenge Fermat in number theory 
and Frénicle’s challenges had the distinction of coaxing out of Fermat some of his 
carefully guarded secrets. One of the most striking is the theorem that states: If p 
is a prime and a is any integer not divisible by p, then p divides a?~' — 1. Fermat 
communicated the result in a letter to Frénicle dated October 18, 1640, along with 
the comment, “I would send you the demonstration, if I did not fear its being too 
long.” This theorem has since become known as “Fermat’s Little Theorem,” or just 
“Fermat’s Theorem,” to distinguish it from Fermat’s “Great” or “Last Theorem,” 
which is the subject of Chapter 12. Almost 100 years were to elapse before Euler 
published the first proof of the little theorem in 1736. Leibniz, however, seems not 
to have received his share of recognition, for he left an identical argument in an 
unpublished manuscript sometime before 1683. 
We now proceed to a proof of Fermat’s theorem. 
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Theorem 5.1 Fermat’s theorem. Let p be a prime and suppose that p / a. Then 
a?-! =1 (mod p). 


Proof. We begin by considering the first p — 1 positive multiples of a; that is, the 
integers 
a, 2a,3a,...,(p—Il)a 


None of these numbers is congruent modulo p to any other, nor is any congruent to 
zero. Indeed, if it happened that 

ra = sa (mod p) l<r<s<p-l 
then a could be canceled to give r = s (mod p), which is impossible. Therefore, the 


previous set of integers must be congruent modulo p to 1, 2,3,..., p — 1, taken in 
some order. Multiplying all these congruences together, we find that 


a-2a-3a---(p—l)a=1-2-3---(p — 1) (mod p) 
whence 
a’~'(p — 1)! = (p — 1)! (mod p) 


Once (p — 1)! is canceled from both sides of the preceding congruence (this is possible 
because since p } (p — 1)!), our line of reasoning culminates in the statement that 
a?! = 1 (mod p), which is Fermat’s theorem. 


This result can be stated in a slightly more general way in which the requirement 


that p ¥ ais dropped. 


Corollary. If p is a prime, then a? = a (mod p) for any integer a. 


Proof. When p|a, the statement obviously holds; for, in this setting, a? =O=a 
(mod p). If p J a, then according to Fermat’s theorem, we have a?~! = 1 (mod p). 
When this congruence is multiplied by a, the conclusion a? = a (mod p) follows. 


There is a different proof of the fact that a? = a (mod p), involving induction 


on a. If a = 1, the assertion is that 1? = 1 (mod p), which clearly is true, as is the 
case a = 0. Assuming that the result holds for a, we must confirm its validity for 
a+ 1. In light of the binomial theorem, 


a+iraare(P)artea (Parte ( 5?) Jar 


where the coefficient (7) is given by 


@E po. Pe De paks)) 
kK} ki p—k)! | hero caek 


Our argument hinges on the observation that ({) = 0 (mod p) for! <k < p—1. 
To see this, note that 


KI (2) = pp = 1)-( = + 1) = 0 04 p) 
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by virtue of which p|k! or p|({). But p|k! implies that p | j for some j satisfying 
1 < j <k < p—1,an absurdity. Therefore, p | ({) or, converting to a congruence 


Statement, 
(7) = (0 (mod p) 


The point we wish to make is that 
(a+ 1)? =a’ +1=a+1 (mod p) 


where the rightmost congruence uses our inductive assumption. Thus, the desired 
conclusion holds for a + 1 and, in consequence, for all a > 0. If a happens to be 
a negative integer, there is no problem: because a = r (mod p) for some 7, where 
O<r<p-—1,wegeta? =r? =r =a (mod p). 

Fermat’s theorem has many applications and is central to much of what is done 
in number theory. In the least, it can be a labor-saving device in certain calculations. 
If asked to verify that 5°8 = 4 (mod 11), for instance, we take the congruence 5!° = | 
(mod 11) as our starting point. Knowing this, 


538 = 510-348 = (519)3(52)4 
= [3.34 = 81 =4 (mod 11) 


as desired. 
Another use of Fermat’s theorem is as a tool in testing the primality of a given 
integer n. If it could be shown that the congruence 


a” =a (mod n) 


fails to hold for some choice of a, then n is necessarily composite. As an example 
of this approach, let us look at n = 117. The computation is kept under control by 
selecting a small integer for a, say, a = 2. Because 2!!’ may be written as 


gil7 oa Q716+5 ae (2))2? 
and 2’ = 128 = 11 (mod 117), we have 
| QT = 4416.95 = (121)825 = 48.25 = 2?! (mod 117) 
But 27! = (27), which leads to 
27) = 11° =121-11 =4-11 = 44 (mod 117) 
Combining these congruences, we finally obtain 
2'!7 = 44 #2 (mod 117) 


so that 117 must be composite; actually, 117 = 13 - 9. 

It might be worthwhile to give an example illustrating the failure of the converse 
of Fermat’s theorem to hold, in other words, to show that if a’~! = 1 (mod n) for 
some integer a, then n need not be prime. As a prelude we require a technical lemma. 


Lemma. If p and gq are distinct primes with a? =a (mod q) and a? =a (mod p), 
then a?? = a (mod pq). 
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Proof. The last corollary tells us that (a7)? = a? (mod p), whereas a? = a (mod p) 
holds by hypothesis. Combining these congruences, we obtain a?? = a (mod p) or, in 
different terms, p | a?? — a. In an entirely similar manner, g | a’? — a. Corollary 2 to 
Theorem 2.4 now yields pq |a?? — a, which can be recast as a?? = a (mod pq). 


Our contention is that 2°4° = 1 (mod 341), where 341 = 11 - 31. In working 
toward this end, notice that 2!° = 1024 = 31 - 33 + 1. Thus, 


2''—2.2!°=2.1=2(mod31) 
and 
OP SIO =] 2 =P mod 11) 
Exploiting the lemma, 
2!1'3! — 2 (mod 11 - 31) 
or 274! = 2 (mod 341). After canceling a factor of 2, we pass to 
274° = 1 (mod 341) 


so that the converse to Fermat’s theorem is false. 

The historical interest in numbers of the form 2” — 2 resides in the claim made by 
Chinese mathematicians over 25 centuries ago that n is prime if and only ifn | 2” — 2 
(in point of fact, this criterion is reliable for all integers n < 340). Our example, 
where 341 | 2°4! — 2, although 341 = 11 - 31, lays the conjecture to rest; this was 
discovered in the year 1819. The situation in which n | 2” — 2 occurs often enough 
to merit a name, though: A composite integer n is called pseudoprime whenever 
n | 2” — 2. It can be shown that there are infinitely many pseudoprimes, the smallest 
four being 341, 561, 645, and 1105. 

Theorem 5.2 allows us to construct an increasing sequence of pseudoprimes. 


Theorem 5.2. If is an odd pseudoprime, then M, = 2” — 1 is a larger one. 


Proof. Because n is a composite number, we can write n =rs, with 1 <r < 
s <n. Then, according to Problem 21, Section 2.3, 2” — 1|2” — 1, or equivalently 
2’ —1|M,, making M, composite. By our hypotheses, 2” = 2 (mod n); hence 
2” —2 = kn for some integer k. It follows that 


QMn—1 = q2"—2 = gkn 
This yields 


2Me-h— {1 = 2" — J 
= (2" — 1)(2"&-D a qnk—2) een de 1) 
= M,,(2%&-D 4 onk-2) 4... 4 2" 4-1) 
= 0 (mod M,,) 


We see immediately that 2“ — 2 = 0(mod M,,), in light of which M,, is a pseudoprime. 
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More generally, a composite integer n for which a” = a (mod n) is called a 
pseudoprime to the base a. (When a = 2, n is simply said to be a pseudoprime.) For 
instance, 91 is the smallest pseudoprime to base 3, whereas 217 is the smallest such 
to base 5. It has been proved (1903) that there are infinitely many pseudoprimes to 
any given base. 

These “prime imposters” are much rarer than are actual primes. Indeed, there are 
only 245 pseudoprimes smaller than one million, in comparison with 78498 primes. 
The first example of an even pseudoprime, namely, the number 


161038 = 2-73-1103 


was found in 1950. 

There exist composite numbers n that are pseudoprimes to every base a; that is, 
a” =a (mod n) for all integers a. The least such is 561. These exceptional numbers 
are called absolute pseudoprimes or Carmichael numbers, for R. D. Carmichael, 
who was the first to notice their existence. In his first paper on the subject, published 
in 1910, Carmichael indicated four absolute pseudoprimes including the well-known 
561 = 3-11-17;the others are 1105 = 5- 13- 17,2821 = 7-13 -31,and 15841 = 
7-31-73. Two years later he presented 11 more having three prime factors and 
discovered one absolute pseudoprime with four factors, specifically, 16046641 = 
13 - 37-73 -457. The largest number of this kind known to date is the product of 
1101518 distinct odd primes: It has 16142049 digits. 

To see that 561 = 3-11-17 must be an absolute pseudoprime, notice that 
gcd(a , 561) = 1 gives 


gcd(a,3) = gcd(a,11)= gced(a,17)=1 
An application of Fermat’s theorem leads to the congruences 
a> =1(mod3) a!®=1(mod11) ~~ a!®°=1 (mod 17) 

and, in turn, to 

a>? = (q’)*®9 = 1 (mod 3) 

a>? = (q!°)°® = 1 (mod 11) 

gq? = (q!®)*> = | (mod 17) 
These give rise to the single congruence a>’ = 1 (mod 561), where gcd(a , 561) = 1. 
But then a>°! = a (mod 561) for all a, showing 561 to be an absolute pseudoprime. 

Any absolute pseudoprime is square-free. This is easy to prove. Suppose 

that a” = a(modn) for every integer a, but k? |n forsomek > 1.If weleta = k, then 
k" =k (mod n). Because k? | n, this last congruence holds modulo k?; that is, k = 
k” = 0 (mod k”), whence k? | k, which is impossible. Thus, n must be square-free. 


Next we present a theorem that furnishes a means for producing absolute 
pseudoprimes. 


Theorem 5.3. Let n be a composite square-free integer, say, n = pi p2--- P,, where 
the p; are distinct primes. If p; —1|n —1 fori =1,2,...,r, then 7 is an absolute 
pseudoprime. 
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Proof. Suppose that a is an integer satisfying gcd(a ,n) = 1, so that gcd(a, p;) = 1 
for each i. Then Fermat’s theorem yields p; |a?~! — 1. From the divisibility hy- 
pothesis p; — 1|n — 1, we have p; |a”~' — 1, and therefore p; | a” — a for all a and 
1 =1,2,...,r. As aresult of Corollary 2 to Theorem 2.4, we end up with n | a” — a, 
which makes n an absolute pseudoprime. 


Examples of integers that satisfy the conditions of Theorem 5.3 are 


1729S 7213-219 6601 = 7-23-41 10585 = 5-29-73 


It was proven in 1994 that infinitely many absolute pseudoprimes exist, but that they 
are fairly rare. There are just 43 of them less than one million, and 105212 less 


than 10!°. 
PROBLEMS 5.2 
1. Use Fermat’s theorem to verify that 17 divides 11! +4 1. 
2. (a) If gcd(a , 35) = 1, show that a!* = 1 (mod 35). 
(Hint: From Fermat’s theorem a® = 1 (mod 7) and a* = 1 (mod 5).] 
(b) If gcd(a , 42) = 1, show that 168 = 3-7 - 8 divides a® — 1. 
(c) If gcd(a , 133) = ged(b, 133) = 1, show that 133|a!® — p!8. 
3. From Fermat’s theorem deduce that, for any integer n > 0, 13|11'2"*® + 1. 


10. 


11. 


. Derive each of the following congruences: 


(a) a*! =a (mod 15) forall a. 
[Hint: By Fermat’s theorem, a? = a (mod 5).] 
(b) a’ =a (mod 42) for all a. 
(c) a3 =a (mod 3-7- 13) foralla. 
(d) a? =a (mod 30) for all a. 


. If gcd(a , 30) = 1, show that 60 divides a* + 59. 
. (a) Find the units digit of 3!°° by the use of Fermat’s theorem. 


(b) For any integer a, verify that a? and a have the same units digit. 


. If7 Ja, prove that either a? + 1 or a? — 1 is divisible by 7. 
. The three most recent appearances of Halley’s comet were in the years 1835, 1910, and 


1986; the next occurrence will be in 2061. Prove that 


18351719 4. 1986206! = 0 (mod 7) 


. (a) Let p be a prime and gcd(a, p) = 1. Use Fermat’s theorem to verify that x = a?~*b 


(mod p) is a solution of the linear congruence ax = b (mod p). 
(b) By applying part (a), solve the congruences 2x = 1 (mod 31), 6x = 5 (mod 11), and 
3x = 17 (mod 29). 
Assuming that a and b are integers not divisible by the prime p, establish the following: 
(a) If a? = b? (mod p), then a = b (mod p). 
(b) If a? = b? (mod p), then a? = b? (mod p’). 
[Hint: By (a),a = b+ pk forsome k, so thata? — b? = (b+ pk)? — b?; now show 
that p divides the latter expression. ] 
Employ Fermat’s theorem to prove that, if p is an odd prime, then 
(a) 12-1427"! 4+ 3P-1 4 ...4(p— 1)? | =—1 (mod p). 
(b) 1? +2? 4+ 3?4+.---+(p— 1)? = 0 (mod p). 
[Hint: Recall the identity 1+ 2+3+---+(p—1)= p(p—-1)/2.] 


12. 


13. 


14. 


15. 


16. 


V7. 


18. 


19. 


20. 


21. 


Di 
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Prove that if p is an odd prime and k is an integer satisfying 1 < k < p —1, then the 
binomial coefficient 


(’ : ' = (1) (mod p) 


Assume that p and gq are distinct odd primes such that p — 1|q — 1. If gcd(a, pq) = 1, 
show that a?—! = 1 (mod pq). 
If p and q are distinct primes, prove that 


p?'+q?' =1 (mod pq) 


Establish the statements below: 

(a) If the number M, = 2? — 1 is composite, where p is a prime, then M, is a pseudo- 
prime. 

(b) Every composite number F,, = 27° + 1 is a pseudoprime (n = 0, 1, 2, ...). 
[Hint: By Problem 21, Section 2.3, 2”+!|22" implies that 22" — 1|2’—! —1; 
but F,, | 22"" — 1.] 

Confirm that the following integers are absolute pseudoprimes: 

(a) 1105 =5-13-17. 

(b) 2821 = 7-13-31. 

(c) 2465 = 5-17-29. 

Show that the smallest pseudoprime 341 is not an absolute pseudoprime by showing that 

11°41 4 11 (mod 341). 

[Hint: 31 7 1174! — 11] 

(a) When n = 2p, where p is an odd prime, prove that a”~! =a (mod n) for any 
integer a. 

(b) Forn = 195 =3-5- 13, verify that a”~* = a (mod n) for any integer a. 

Prove that any integer of the form 


n = (6k + 1)(12k + 1)(18k 4+ 1) 


is an absolute pseudoprime if all three factors are prime; hence, 1729 = 7- 13 - 19 is an 
absolute pseudoprime. 

Show that 561 | 2°°' — 2 and 561 | 3°°! — 3. It is an unanswered question whether there 
exist infinitely many composite numbers 7 with the property that n | 2” — 2 andn | 3” — 3. 
Establish the congruence 


29999? 5555 = 0 (mod 7) 


[Hint: First evaluate 1111 modulo 7.] 


WILSON’S THEOREM 


We now turn to another milestone in the development of number theory. In his 
Meditationes Algebraicae of 1770, the English mathematician Edward Waring 
(1734-1798) announced several new theorems. Foremost among these is an in- 
teresting property of primes reported to him by one of his former students, a certain 
John Wilson. The property is the following: If p is a prime number, then p divides 
(p — 1)! + 1. Wilson appears to have guessed this on the basis of numerical com- 
putations; at any rate, neither he nor Waring knew how to prove it. Confessing his 
inability to supply a demonstration, Waring added, “Theorems of this kind will be 
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very hard to prove, because of the absence of a notation to express prime numbers.” 
(Reading the passage, Gauss uttered his telling comment on “notationes versus no- 
tiones,” implying that in questions of this nature it was the notion that really mattered, 
not the notation.) Despite Waring’s pessimistic forecast, soon afterward Lagrange 
(1771) gave a proof of what in literature is called “Wilson’s theorem” and observed 
that the converse also holds. Perhaps it would be more just to name the theorem after 
Leibniz, for there is evidence that he was aware of the result almost a century earlier, 
but published nothing on the subject. 
Now we give a proof of Wilson’s theorem. 


Theorem 5.4 Wilson. If p is a prime, then (p — 1)! = —1 (mod p). 


Proof. Dismissing the cases p = 2 and p = 3 as being evident, let us take p > 3. 
Suppose that a is any one of the p — | positive integers 


1.9 3s ca pel 


and consider the linear congruence ax = 1 (mod p). Then gcd(a , p) = 1. By Theorem 
4.7, this congruence admits a unique solution modulo p; hence, there is a unique integer 
a’, with 1 <a’ < p —1, satisfying aa’ = 1 (mod p). 

Because p is prime, a = a’ if and only if a = 1 or a = p — 1. Indeed, the con- 
gruence a* = 1 (mod p) is equivalent to (a — 1) - (a + 1) = 0 (mod p). Therefore, 
either a — 1 = 0 (mod p), in which case a = 1, ora + 1 = 0 (mod p), in which case 
a=p-l. 

If we omit the numbers 1 and p — 1, the effect is to group the remaining integers 
2,3,..., p — 2 into pairs a, a’, where a $ a’, such that their product aa’ = 1 (mod p). 
When these (p — 3)/2 congruences are multiplied together and the factors rearranged, 
we get 


2-3---(p—2) = 1 (mod p) 
or rather 
(p — 2)! = 1 (mod p) 
Now multiply by p — 1 to obtain the congruence 
(p — 1)! = p-—1=-1 (mod p) 


as was to be proved. 


Example 5.1. A concrete example should help to clarify the proof of Wilson’s theorem. 
Specifically, let us take p = 13. It is possible to divide the integers 2,3,..., 11 into 
(p — 3)/2 =5 pairs, each product of which is congruent to 1 modulo 13. To write 
these congruences out explicitly: 
2-7 = 1 (mod 13) 
3-9 = 1 (mod 13) 
4-10 = 1 (mod 13) 
5-8 = 1 (mod 13) 
6-11 = 1 (mod 13) 
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Multiplying these congruences gives the result 
1l!=(@-7)3-9)4- 10)(5 - 8)(6- 11) = 1 (mod 13) 
and so 
12! = 12 = —1 (mod 13) 
Thus, (p — 1)! = —1 (mod p), with p = 13. 


The converse of Wilson’s theorem is also true. If (n — 1)! = —1 (mod n), then 
n must be prime. For, if 1 is not a prime, then n has a divisor d with 1 < d <n. 
Furthermore, because d < n — 1, d occurs as one of the factors in (n — 1)!, whence 
d|(n — 1)!. Now we are assuming that n | (n — 1)! + 1, and sod |(n — 1)! + 1, too. 
The conclusion is that d | 1, which is nonsense. 

Taken together, Wilson’s theorem and its converse provide a necessary and 
sufficient condition for determining primality; namely, an integer n > 1 is prime if 
and only if (n — 1)! = —1(modjn). Unfortunately, this test is of more theoretical than 
practical interest because as n increases, (n — 1)! rapidly becomes unmanageable in 
Size. 

We would like to close this chapter with an application of Wilson’s theorem 
to the study of quadratic congruences. [It is understood that quadratic congruence 
means a congruence of the form ax* + bx +c =0 (mod n), with a € 0 (mod n).] 
This is the content of Theorem 5.5. 


Theorem 5.5. The quadratic congruence x* + 1 = 0 (mod p), where p is an odd 
prime, has a solution if and only if p = 1 (mod 4). 


Proof. Let a be any solution of x? + 1 = 0 (mod p), so that a2 = —1 (mod p). Because 
p X a, the outcome of applying Fermat’s theorem is 
=P} = (7s? DP = (-1)?-Y? (mod p) 
The possibility that p = 4k + 3 for some k does not arise. If it did, we would have 
a = ey" | 


hence, 1 = —1 (mod p). The net result of this is that p|2, which is patently false. 
Therefore, p must be of the form 4k + 1. 
Now for the opposite direction. In the product 


_ ] 
(p — 1)! =1-2--- = ST... (p-2p- 1) 


we have the congruences 


p—1=-1 (mod p) 
p —2 = —2 (mod p) 


pal p-1 
Seige age (mod p) 
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Rearranging the factors produces 


—1 
(p= Dis 1(-1)-2-(-2)---P=*. (2) (mod p) 


2 
= (2)?-7 (: YD og 2) (mod p) 


because there are (p — 1)/2 minus signs involved. It is at this point that Wilson’s 
theorem can be brought to bear; for, (p — 1)! = —1 (mod p), whence 


2 
Sar oer (a) (mod p) 


If we assume that p is of the form 4k + 1, then (—1)~!/* = 1, leaving us with the 


congruence 
my | 2 
== (a) (mod p) 


The conclusion is that the integer [(p — 1)/2]! satisfies the quadratic congruence x* + 1 
= 0 (mod p). 


Let us take a look at an actual example, say, the case p = 13, which is a prime 


of the form 4k + 1. Here, we have (p — 1)/2 = 6, and it is easy to see that 


and 


6! = 720 = 5 (mod 13) 


5* 4+ 1 = 26 = 0 (mod 13) 


Thus, the assertion that [((p — 1)/2)!]? + 1 = 0 (mod p) is correct for p = 13. 


Wiulson’s theorem implies that there exists an infinitude of composite numbers 


of the form n! + 1. On the other hand, it is an open question whether n! + 1 is prime 
for infinitely many values of n. The only values of n in the range 1 < n < 100 for 
which n! + 1 is known to be a prime number are n = 1, 2, 3, 11, 27, 37, 41, 73, and 
77. Currently, the largest prime of the form n! + 1 is 6380! + 1, discovered in 2000. 


PROBLEMS 5.3 


1. 


On b&b WwW NY 


N 


(a) Find the remainder when 15! is divided by 17. 
(b) Find the remainder when 2(26!) is divided by 29. 


. Determine whether 17 is a prime by deciding whether 16! = —1 (mod 17). 

. Arrange the integers 2, 3, 4,..., 21 in pairs a and b that satisfy ab = 1 (mod 23). 
. Show that 18! = —1 (mod 437). 

. (a) Prove that an integer n > 1 is prime if and only if (n — 2)! = 1 (mod zn). 


(b) If m is a composite integer, show that (n — 1)! = 0 (mod 7), except when n = 4. 


. Given a prime number p, establish the congruence 


(p= 1)lh=p— 1 Gned 1 24 Fe pad) 


10. 


11. 


12. 
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. If p is a prime, prove that for any integer a, 


pla’ +(p-l)!a and P\(p—-—W!a’ +a 
[Hint: By Wilson’s theorem, a? + (p — 1)!a =a? —a (mod p).| 


. Find two odd primes p < 13 for which the congruence (p — 1)! = —1 (mod p’) holds. 
. Using Wilson’s theorem, prove that for any odd prime p, 


[23a po?) = (1) es (ned. p) 
[Hint: Because k = —(p — k) (mod p), it follows that 
2-4-6---(p—1) = (-DY?- P71. 3-5---(p — 2) (mod p).] 
(a) For a prime p of the form 4k + 3, prove that either 


(2): = | (mod p) or (2): = —1 (mod p) 


hence, [(p — 1)/2]! satisfies the quadratic congruence x” = 1 (mod p). 
(b) Use part (a) to show that if p = 4k + 3 is prime, then the product of all the even 
integers less than p is congruent modulo p to either 1 or —1. 
(Hint: Fermat’s theorem implies that 2”~)/* = +1 (mod p).] 
Apply Theorem 5.5 to obtain two solutions to each of the quadratic congruences x* = — 
(mod 29) and x* = —1 (mod 37). 
Show that if p = 4k + 3 is prime and a” + b* = 0 (mod p), thena = b = 0 (mod p). 
[Hint: If a 4 0 (mod p), then there exists an integer c such that ac = 1 (mod p); use this 
fact to contradict Theorem 5.5.] 


. Supply any missing details in the following proof of the irrationality of 2: Suppose 


/2 = a/b, with gcd(a , b) = 1. Then a2 = 2b?, so that a2 + b? = 3b. But 3| (a? +b?) 
implies that 3 | a and 3 | b, a contradiction. 


. Prove that the odd prime divisors of the integer n” + 1 are of the form 4k + 1. 


[Hint: Theorem 5.5.] 


. Verify that 4(29!) + 5! is divisible by 31. 
. Fora prime p and 0 <k < p — 1, show that k!(p — k — 1)! = (-1)**! (mod p). 
. If p and q are distinct primes, prove that for any integer a, 


pq\a"? —a? —at+a 


. Prove that if p and p + 2 are a pair of twin primes, then 


4((p — 1)! 4+. 1)+ p =0 (mod p(p + 2)) 


5.4 THE FERMAT-KRAITCHIK FACTORIZATION METHOD 


In a fragment of a letter, written in all probability to Father Marin Mersenne in 1643, 
Fermat described a technique of his for factoring large numbers. This represented 
the first real improvement over the classical method of attempting to find a factor 
of n by dividing by all primes not exceeding ./n. Fermat’s factorization scheme has 
at its heart the observation that the search for factors of an odd integer n (because 
powers of 2 are easily recognizable and may be removed at the outset, there is no 
loss in assuming that n is odd) is equivalent to obtaining integral solutions x and y 
of the equation 


n=x?—y? 
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If n is the difference of two squares, then it is apparent that n can be factored as 
hax —y =e+ ye =y) 


Conversely, when n has the factorizationn = ab, witha > b > 1, then we may write 


a+b\’ a—b\? 
n= a 
2 2 
Moreover, because n is taken to be an odd integer, a and b are themselves odd; hence 
(a + b)/2 and (a — b)/2 will be nonnegative integers. 
One begins the search for possible x and y satisfying the equation n = x? — y’, 


or what is the same thing, the equation 


won=y 


by first determining the smallest integer k for which k? > n. Now look successively 
at the numbers 
lo =n CtAy Hk 2y Hk By Snes: 


until a value of m > ./n is found making m? — n a square. The process cannot go 
on indefinitely, because we eventually arrive at 


n+1\° n—1\? 
ee | Eiores 
2 2 
the representation of n corresponding to the trivial factorization n = n - 1. If this 
point is reached without a square difference having been discovered earlier, then n 


has no factors other than n and 1, in which case it is a prime. 
Fermat used the procedure just described to factor 


2027651281 = 44021 - 46061 


in only 11 steps, as compared with making 4580 divisions by the odd primes up to 
44021. This was probably a favorable case devised on purpose to show the chief 
virtue of his method: It does not require one to know all the primes less than ./n to 
find factors of n. 


Example 5.2. To illustrate the application of Fermat’s method, let us factor the integer 
n = 119143. From a table of squares, we find that 345” < 119143 < 346; thus it 
suffices to consider values of k* — 119143 for those k that satisfy the inequality 346 < 
k < (119143 + 1)/2 = 59572. The calculations begin as follows: 

346* — 119143 = 119716 — 119143 = 573 

3477 — 119143 = 120409 — 119143 = 1266 

3487 — 119143 = 121104 — 119143 = 1961 

3497 — 119143 = 121801 — 119143 = 2658 

3507 — 119143 = 122500 — 119143 = 3357 

3517 — 119143 = 123201 — 119143 = 4058 

3527 — 119143 = 123904 — 119143 = 4761 = 69 
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This last line exhibits the factorization 
119143 = 352° — 697 = (352 + 69)(352 — 69) = 421 - 283 


the two factors themselves being prime. In only seven trials, we have obtained the prime 
factorization of the number 119143. Of course, one does not always fare so luckily; it 
may take many steps before a difference turns out to be a square. 


Fermat’s method is most effective when the two factors of n are of nearly the 
same magnitude, for in this case a suitable square will appear quickly. To illustrate, 
let us suppose that n = 23449 is to be factored. The smallest square exceeding n is 
154”, so that the sequence k? — n starts with 


154° — 23449 = 23716 — 23449 = 267 
155* — 23449 = 24025 — 23449 = 576 = 24? 


Hence, factors of 23449 are 
23449 = (155 + 24)(155 — 24) = 179-131 


When examining the differences k* — n as possible squares, many values can be 
immediately excluded by inspection of the final digits. We know, for instance, that 
a Square must end in one of the six digits 0, 1, 4, 5, 6, 9 (Problem 2(a), Section 4.3). 
This allows us to exclude all values in Example 5.2, save for 1266, 1961, and 4761. 
By calculating the squares of the integers from 0 to 99 modulo 100, we see further 
that, for a square, the last two digits are limited to the following 22 possibilities: 


00 21 41 64 89 
O1 24 44 69 96 
04 25 49 76 
09 29 56 81 
16 36 61 84 


The integer 1266 can be eliminated from consideration in this way. Because 61 is 
among the last two digits allowable in a square, it is only necessary to look at the 
numbers 1961 and 4761; the former is not a square, but 4761 = 697. 

There is a generalization of Fermat’s factorization method that has been used 
with some success. Here, we look for distinct integers x and y such that x* — y? is 
a multiple of n rather than n itself; that is, 


x? = y’ (mod n) 


Having obtained such integers, d = gcd(x — y,n) (ord = gcd(x + y,n)) can be 
calculated by means of the Euclidean Algorithm. Clearly, d is a divisor of n, but is 
it a nontrivial divisor? In other words, do we have 1 <d <n? 

In practice, n is usually the product of two primes p and g, with p < q, so that 
d is equal to 1, p, g, or pg. Now the congruence x* = y” (mod n) translates into 
pq |(x — y)(x + y). Euclid’s lemma tells us that p and g must divide one of the 
factors. If it happened that p |x — y and q|x — y, then pq |x — y, or expressed as 
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a congruence x = y (mod n). Also, p|x + y andg|x+y yield x = —y (mod n). 
By seeking integers x and y satisfying x? = y* (mod n), where x # +y (mod n), 
these two situations are ruled out. The result of all this is that d is either p or q, 
giving us a nontrivial divisor of n. 


Example 5.3. Suppose we wish to factor the positive integer n = 2189 and happen to 
notice that 579? = 187 (mod 2189). Then we compute 


gcd(579 — 18, 2189) = gced(561 , 2189) = 11 
using the Euclidean Algorithm: 
2189 = 3 - 561 + 506 
561 = 1-506+4 55 
506 = 9-554 11 
oe ee ee | 

This leads to the prime divisor 11 of 2189. The other factor, namely 199, can be obtained 
by observing that 


gcd(579 + 18,2189) = gcd(597, 2189) = 199 


The reader might wonder how we ever arrived at a number, such as 579, whose 
square modulo 2189 also turns out to be a perfect square. In looking for squares 
close to multiples of 2189, it was observed that 


817—3-2189=-6 and  1557—11-2189=—54 
which translates into 
817 = —2-3(mod 2189) and 1557 = —2-3° (mod 2189) 
When these congruences are multiplied, they produce 
(81 - 155)* = (2 - 3”)? (mod 2189) 


Because the product 81 - 155 = 12555 = —579 (mod 2189), we ended up with the 
congruence 5797 = 187 (mod 2189). 

The basis of our approach is to find several x; having the property that each x? 
is, modulo n, the product of small prime powers, and such that their product’s square 
is congruent to a perfect square. 

When vn has more than two prime factors, our factorization algorithm may still 
be applied; however, there is no guarantee that a particular solution of the congruence 
x* = y* (mod n), with x 4 +y (mod n), will result in a nontrivial divisor of n. Of 
course the more solutions of this congruence that are available, the better the chance 
of finding the desired factors of n. 

Our next example provides a considerably more efficient variant of this last 
factorization method. It was introduced by Maurice Kraitchik in the 1920s and 
became the basis of such modern methods as the quadratic sieve algorithm. 


Example 5.4. Let n = 12499 be the integer to be factored. The first square just larger 


than n is 1127 = 12544. So we begin by considering the sequence of numbers x”? — n 
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for x = 112, 113,.... As before, our interest is in obtaining a set of values xj, 
X2,...,Xx for which the product (x; —7n)---(x, —n) is a square, say y’. Then 
(x1 +++ x4)” = y* (mod n), which might lead to a nontrivial factor of n. 

A short search reveals that 


112” — 12499 = 45 
1177 — 12499 = 1190 
1217 — 12499 = 2142 
or, written as congruences, 
112” = 37-5 (mod 12499) 
1177 =2-5-7-17 (mod 12499) 
1217 =2-3*-7-17 (mod 12499) 
Multiplying these together results in the congruence 
(112-117-121)? = (2-3*-5-7-17)* (mod 12499) 
that is, 
15855847 = 10710* (mod 12499) 
But we are unlucky with this square combination. Because 
1585584 = 10710 (mod 12499) 
only a trivial divisor of 12499 will be found. To be specific, 
gcd(1585584 + 10710, 12499) = 1 
gcd(1585584 — 10710, 12499) = 12499 
After further calculation, we notice that 
1137 = 2-5-3° (mod 12499) 
127? =2-3-5-11* (mod 12499) 
which gives rise to the congruence 
(113 - 127)? = (2-3*- 5-11)? (mod 12499) 
This reduces modulo 12499 to 
18527 = 990° (mod 12499) 
and fortunately 1852 4 + 990 (mod 12499). Calculating 
gcd(1852 — 990, 12499) = gcd(862, 12499) = 431 


produces the factorization 12499 = 29 - 431. 
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PROBLEMS 5.4 


1. 


Use Fermat’s method to factor each of the following numbers: 

(a) 2279. 

(b) 10541. 

(c) 340663 [Hint: The smallest square just exceeding 340663 is 5847.] 


. Prove that a perfect square must end in one of the following pairs of digits: 00, 01, 04, 09, 


16, 21, 24, 25, 29, 36, 41, 44, 49, 56, 61, 64, 69, 76, 81, 84, 89, 96. 
[Hint: Because x7 = (50 + x)* (mod 100) and x? = (50 — x)* (mod 100), it suffices to 
examine the final digits of x? for the 26 values x = 0, 1, 2,..., 25.] 


. Factor the number 2!! — 1 by Fermat’s factorization method. 
. In 1647, Mersenne noted that when a number can be written as a sum of two relatively 


prime squares in two distinct ways, it is composite and can be factored as follows: If 
n=a*+b* =c* +d’, then 
(ac + bd)(ac — bd) 
~  (@td\a—d) 
Use this result to factor the numbers 
493 = 187 + 137 = 22? + 3? 
and 


38025 — 168% + 997 = 1567 + 1177 


. Employ the generalized Fermat method to factor each of the following numbers: 


(a) 2911 [Hint: 1387 = 67? (mod 2911).] 
(b) 4573 [Hint: 1777 = 92? (mod 4573).] 
(c) 6923 [Hint: 2087 = 937 (mod 6923).] 


. Factor 13561 with the help of the congruences 


2337 = 3*-5 (mod 13561) — and 12817 = 2*. 5 (mod 13561) 


. (a) Factor the number 4537 by searching for x such that 


Yk 4537 


is the product of small prime powers. 
(b) Use the procedure indicated in part (a) to factor 14429. 
[Hint: 1207 — 14429 = —29 and 30037 — 625 - 14429 = —116.] 


. Use Kraitchik’s method to factor the number 20437. 


CHAPTER 


6 


NUMBER-THEORETIC FUNCTIONS 


Mathematicians are like Frenchmen: whatever you say to them they translate 
into their own language and forthwith it is something entirely different. 
GOETHE 


6.1 THE SUM AND NUMBER OF DIVISORS 


Certain functions are found to be of special importance in connection with the study 
of the divisors of an integer. Any function whose domain of definition is the set of 
positive integers is said to be a number-theoretic (or arithmetic) function. Although 
the value of a number-theoretic function is not required to be a positive integer or, 
for that matter, even an integer, most of the number-theoretic functions that we shall 
encounter are integer-valued. Among the easiest to handle, and the most natural, are 
the functions t ando. 


Definition 6.1. Given a positive integer n, let t(m) denote the number of positive 
divisors of n and o(n) denote the sum of these divisors. 


For an example of these notions, consider n = 12. Because 12 has the positive 
divisors 1, 2, 3, 4, 6, 12, we find that 


t(12) = 6 and o(12) =14+24+34+4+6+4 12= 28 
For the first few integers, 


t(1)=1 1(2)=2 1(3)=2 1(4)=3 1(5)=2 1(6)=4,... 
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and 
o(1) = 1,¢0(2) = 3,08) = 4, o(4) = 7, 0) = 6, 0 (6) = 12,... 


It is not difficult to see that t(m) = 2 if and only if nm is a prime number; also, 
a(n) =n +1 if and only if 7 is a prime. 

Before studying the functions t and o in more detail, we wish to introduce 
notation that will clarify a number of situations later. It is customary to interpret the 


symbol 
> f@ 


d|n 


to mean, “Sum the values f(d) as d runs over all the positive divisors of the positive 
integer 1.” For instance, we have 


>» 1@= f+ fZ)+ fA + FG) + fU0) + f(20) 
d | 20 
With this understanding, t and o may be expressed in the form 
t(n)= > 1 o(n)=)_d 
d|n d|n 


The notation )_, in 1, in particular, says that we are to add together as many 1’s as 
there are positive divisors of n. To illustrate: The integer 10 has the four positive 
divisors 1, 2, 5, 10, whence 


r(10)= )°1=14+1+1+1=4 
d|10 


and 
o(10)= ) d=1+2+54+10=18 
d|10 


Our first theorem makes it easy to obtain the positive divisors of a positive 
integer n once its prime factorization is known. 
Theorem 6.1. If n = pi py .. + p* is the prime factorization of n > 1, then the pos- 
itive divisors of n are precisely those integers d of the form 


d = pi' Py Py 
where 0 < a; < kj G@ =1,2,...,7r). 
Proof. Note that the divisor d = 1 is obtained when a; = a2 = --- =a, = 0, andn 
itself occurs when a; = kj, dg = k2,...,a, = k,. Suppose that d divides n nontriv- 


ially; say, n = dd’, where d > 1, d’ > 1. Express both d and d’ as products of (not 
necessarily distinct) primes: 

d = qiq2°°'s d' =tto---t, 
with q;, t; prime. Then 


ky _k k, 
Pi Po °°" DP; =Q°°' sty ++ ly 
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are two prime factorizations of the positive integer n. By the uniqueness of the prime 
factorization, each prime q; must be one of the p;. Collecting the equal primes into a 
single integral power, we get 

a; _ a2 


d = qi92°-'qs = Pj Po +s per 


where the possibility that a; = 0 is allowed. 
Conversely, every number d = p}' p5’--- p* (0 < a; < k;) turns out to be a di- 
visor of n. For we can write 


eee See k, 
n= py P2 "7° Dy 


= (p™ p@ ... pe (pi p-@ ... pra) 
7) 


with d’ = pi! py @ +.» pk and k; — a; > 0 for eachi. Then d’ > O andd |n. 


We put this theorem to work at once. 


Theorem 6.2. If n = p{' p,’ --- p*" is the prime factorization of n > 1, then 


(a) tT(n) = (ky + I(k2 + 1)---(&, + 1), and 


ky +1 k2+1 k,+1 

Dp —lp —] petal 
(b) 6) = SS 

BS ped Pr-1 


Proof. According to Theorem 6.1, the positive divisors of n are precisely those integers 


d = p;' py? --- po 
where 0 < a; < k;. There are k; + 1 choices for the exponent a;; kz + 1 choices for 
dy,...;andk, + 1 choices for a,. Hence, there are 


(ky + I)(ko + 1)--- (A + 1) 


possible divisors of n. 
To evaluate o(n), consider the product 


(1+ pit p?t---+ peydt pot pe +--+ p®) 
pe pep) 


Each positive divisor of n appears once and only once as a term in the expansion of 
this product, so that 


o(n) = (1+ pit pit: + py) t pe t+ pete + BF) 


Applying the formula for the sum of a finite geometric series to the ith factor on the 
right-hand side, we get 


pith _ 4 
1+ p+ pp t---+ pi = +— 
pi— 1 
It follows that 
pe bape St. peed 
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Corresponding to the )— notation for sums, the notation for products may be 
defined using | |, the Greek capital letter pi. The restriction delimiting the numbers 
over which the product is to be made is usually put under the | | sign. Examples are 


L] £@ = fMFOF@FMFO) 


1<d<5 
[| 4@ = fMf@FO 
d|9 
[|] fH = f@FE)F6) 
p|30 


p prime 


With this convention, the conclusion to Theorem 6.2 takes the compact form: If 
n= Pp; py ... p* is the prime factorization of n > 1, then 


tay= | [& +) 


1<i<r 


and 


Example 6.1. The number 180 = 2? - 3? - 5 has 
T1180) = (24+)D24+10)0+4+1)= 18 
positive divisors. These are integers of the form 
DAN 4 B22. 5% 
where a; = 0, 1, 2; ag = 0, 1, 2; and a3 = 0, 1. Specifically, we obtain 
1,2,3,4,5, 6,9, 10, 12, 15, 18, 20, 30, 36, 45, 60, 90, 180 


The sum of these integers is 


~7-13-6 = 546 


27-13°-157-1 7 26 24 

MOS Fey Sat S=1 7 bee 

One of the more interesting properties of the divisor function T is that the product 

of the positive divisors of an integer n > 1 is equal to n™/”, It is not difficult to 

get at this fact: Let d denote an arbitrary positive divisor of n, so that n = dd’ for 

some d’. As d ranges over all t(7) positive divisors of n, t(m) such equations occur. 
Multiplying these together, we get 


n™=]d-[[a’ 


d|n d'|n 
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But as d runs through the divisors of n, so does d’; hence, | |, in d=||, = d'. The 


situation is now this: 
D 
ni) = (11 ‘ 
d\n 


ntm/2 — | [4 


d|n 


or equivalently 


The reader might (or, at any rate, should) have one lingering doubt concerning 
this equation. For it is by no means obvious that the left-hand side is always an 
integer. If t(m) is even, there is certainly no problem. When t(7) is odd, n turns out 
to be a perfect square (Problem 7, Section 6.1), say, n = m?; thus n™/2 = m™, 
settling all suspicions. 

For a numerical example, the product of the five divisors of 16 (namely, 1, 2, 4, 
8, 16) is 

] [| ¢ = 16? = 16°? = 4° = 1024 
d|16 

Multiplicative functions arise naturally in the study of the prime factorization 
of an integer. Before presenting the definition, we observe that 

T(2-10) = 120) = 642-4=17(2)-T(10) 
At the same time, 
a(2-10) = 0 (20) = 42 43-18 =a0(2)-o(10) 
These calculations bring out the nasty fact that, in general, it need not be true that 
tT(mn) = t(m)t(n) and o(mn) = a(m)a(n) 


On the positive side of the ledger, equality always holds provided we stick to rela- 
tively prime m and n. This circumstance is what prompts Definition 6.2. 


Definition 6.2. A number-theoretic function f is said to be multiplicative if 


f(mn) = f(m) fm) 


whenever gcd(m ,n) = 1. 


For simple illustrations of multiplicative functions, we need only consider the 
functions given by f(n) = 1 and g(n) =n for all n > 1. It follows by induction 
that if f is multiplicative and n;, n2,...,n, are positive integers that are pairwise 
relatively prime, then 


f(njn2---n-) = f(r) f(n2)--+ f Mr) 


Multiplicative functions have one big advantage for us: They are completely 


determined once their values at prime powers are known. Indeed, ifn > 1 is a given 


ate : k, ok : : 
positive integer, then we can writen = p;' p> -:- p** in canonical form; because the 
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py are relatively prime in pairs, the multiplicative property ensures that 


f(n) = fp!) F (py) FP) 
If f is a multiplicative function that does not vanish identically, then there exists 
an integer n such that f(n) 4 0. But 
fa)=fa-)= fmf) 
Being nonzero, f(n) may be canceled from both sides of this equation to give 
f (1) = 1. The point to which we wish to call attention is that f(1) = 1 for any 


multiplicative function not identically zero. 
We now establish that t and o have the multiplicative property. 


Theorem 6.3. The functions t and o are both multiplicative functions. 


Proof. Let m and n be relatively prime integers. Because the result 1s trivially true if 
either m or n is equal to 1, we may assume that m > 1 andn > 1. If 


jij 


ky ok 
Dis oe and Nn=qi 


m= DP); Po :**P, gis 
are the prime factorizations of m and n, then because gcd(m , n) = 1, no p; can occur 
among the q;. It follows that the prime factorization of the product mn is given by 
mn = p ine ph qi gh 
Appealing to Theorem 6.2, we obtain 
t(mn) = [(Ay + 1)---& + DIG + 2)--- Gs + DI 
= T(m)t(n) 


In a similar fashion, Theorem 6.2 gives 


Saji BE et | a a 
pil Pr—-1 q—l qs — 1 


= oa(m)a(n) 


Thus, t and o are multiplicative functions. 


We continue our program by proving a general result on multiplicative functions. 
This requires a preparatory lemma. 


Lemma. If gcd(m,n) = 1, then the set of positive divisors of mn consists of all 
products d;jd2, where d; |m, d,|n and gcd(d, , d2) = 1; furthermore, these products 
are all distinct. 


Proof. It is harmless to assume that m > 1 and n > 1; let m= pe ps vee p* and 


n= qi qe? -..q3 be their respective prime factorizations. Inasmuch as the primes 
Pis+-+> Pro Q15+++>Qs are all distinct, the prime factorization of mn is 


k 
mn = Py -+ + pirgi' “Qe 
Hence, any positive divisor d of mn will be uniquely representable in the form 


d= pil pray-gs OS a) <0 <b; < ji 
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This allows us to write d as d =dj,d2, where d, = p)'--: p® divides m and 


dy = q, |...g%s divides n. Because no p; is equal to any g;, we surely must have 
gcd(d) , dz) = 1. 


A keystone in much of our subsequent work is Theorem 6.4. 


Theorem 6.4. If f is a multiplicative function and F is defined by 
F(n)= >> f@) 
d|n 


then F is also multiplicative. 


Proof. Let m and n be relatively prime positive integers. Then 


F(mn)= )_ f(@) 


d|mn 


= )_ f(didr) 


d,|m 
dz |n 


because every divisor d of mn can be uniquely written as a product of a divisor d; of 
m and a divisor d2 of n, where gcd(d; , d2) = 1. By the definition of a multiplicative 
function, 
fda) = f(di) f(a) 
It follows that 
F(mn) =) f(di) fd) 


d,|m 
dy|n 
= (x ran) (>: jut) 
d,|m dy \|n 
= F(m)F(n) 


It might be helpful to take time out and run through the proof of Theorem 6.4 
in a concrete case. Letting m = 8 andn = 3, we have 


F(8-3)= >> f@) 

d|24 

= f(1) + f(2)+ $B) + fA + £O + f(8) + f(12) + f(24) 

= f(l-1)+ f@Q-1)+ f-3)+ f4-)+ f2-3) 
+ f(8-1)+ f4-3)+ f(8-3) 

= f(D) + fQSA) + fDFB) + FHF + FFE) 
+ f(8) fC) + fA) + £8) F(3) 

=[f(l) + f2)+ £4) + F@ILFM + £3)] 


=) fd): >> f@ = F8)F(3) 


d|8 d|3 
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Theorem 6.4 provides a deceptively short way of drawing the conclusion that 
t and o are multiplicative. 


Corollary. The functions t and o are multiplicative functions. 


Proof. We have mentioned that the constant function f(n) = 1 is multiplicative, as is 
the identity function f(n) = n. Because t and o may be represented in the form 


t(n)=) 1 and of)=) od 


d\n d|n 
the stated result follows immediately from Theorem 6.4. 


PROBLEMS 6.1 


1. Let m and n be positive integers and p;, po, ..., p, be the distinct primes that divide at 
least one of m orn. Then m and n may be written in the form 


m = pip? +++ pe with k; > Ofori = 1,2,...,7r 


n= p!' p?... pj with j; > Ofori = 1,2,...,r 
Prove that 


uy uo V1 V2 


gcd(m,n) = p;'py’-+-p,’ — Iem(m, nn) = p;' py’ ++: p,’ 

where u; = min {k;, j;}, the smaller of k; and j;; and v; = max {k;, j;}, the larger of k; 

and j;. 
. Use the result of Problem 1 to calculate gcd(12378 , 3054) and Icm(12378 , 3054). 
. Deduce from Problem 1 that gcd(m, n) lcm(m , n) = mn for positive integers m and n. 
. In the notation of Problem 1, show that gcd(m,n) = 1 if and only if k;j; =O for 

PS hy 2a 
5. (a) Verify that t(n) = tin +1) = tin 4+ 2) = t(n }Y 3) holds for n = 3655 and 4503. 

(b) When n = 14, 206, and 957, show that o(n) = o(n + 1). 
6. For any integer n > 1, establish the inequality t(n) < 2./n. 
[Hint: If d |n, then one of d or n/d is less than or equal to ./n.] 

7. Prove the following. 

(a) t(n) is an odd integer if and only if n is a perfect square. 

(b) o(n) is an odd integer if and only if 1 is a perfect square or twice a perfect square. 

[Hint: If p is an odd prime, then 1 + p + p? + ---+ p* is odd only when k is even.] 

. Show that )/), 1/d = o(n)/n for every positive integer n. 

9. Ifn is a square-free integer, prove that t(n) = 2’, where r is the number of prime divisors 

of n. 
10. Establish the assertions below: 
(a) Ifn = pi p, -- p® is the prime factorization of n > 1, then 


tal uae) ae ee ae 
ae eae 2 een eee ee 
a(n) Pi p2 Pr 


(b) For any positive integer n, 


m Ww bv 


oa) 


1> 


OO ex gig aie on ime: 
ni 2° 3 n 


[Hint: See Problem 8.] 
(c) Ifn > 1 is acomposite number, then a(n) > n+ ./n. 
[Hint: Let d|n, where 1 < d <n,sol <n/d <n. Ifd < Jn, thenn/d> /n.] 


11. 


12. 


13. 


14. 


15. 


16. 


17. 
18. 


19. 


20. 


21. 


22. 
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Given a positive integer k > 1, show that there are infinitely many integers n for which 

t(n) = k, but at most finitely many n with o(n) = k. 

[Hint: Use Problem 10(a).] 

(a) Find the form of all positive integers n satisfying t(n) = 10. What is the smallest 
positive integer for which this is true? 

(b) Show that there are no positive integers n satisfying o(n) = 10. 
[Hint: Note that forn > 1,0(n) > n.]| 

Prove that there are infinitely many pairs of integers m and n with o(m”) = a(n’). 

[Hint: Choose k such that gcd(k , 10) = 1 and consider the integers m = 5k, n = 4k.] 

For k > 2, show each of the following: 

(a) n = 2*—! satisfies the equation a(n) = 2n — 1. 

(b) If 2* — 1 is prime, then n = 2*—!(2* — 1) satisfies the equation o(n) = 2n. 

(c) If 2*—3 is prime, then n = 2*~'(2* — 3) satisfies the equation o(n) = 
2n + 2. 

It is not known if there are any positive integers n for which o(n) = 2n + 1. 

If n and n + 2 are a pair of twin primes, establish that o(m + 2) = o(n) + 2; this also 

holds for n = 434 and 8575. 

(a) For any integer n > 1, prove that there exist integers n,; and m2 for which 
T(ny) + T(N2) =n. 

(b) Prove that the Goldbach conjecture implies that for each even integer 2n there exist 
integers n; and nz with o(n,) + 0(n2) = 2n. 

For a fixed integer k, show that the function f defined by f(n) = n* is multiplicative. 

Let f and g be multiplicative functions that are not identically zero and such that f(p*) = 

e(p*) for each prime p and k > 1. Prove that f = g. 

Prove that if f and g are multiplicative functions, then so is their product fg and quotient 

f/g (whenever the latter function is defined). 

Let w(n) denote the number of distinct prime divisors of n > 1, with w(1) = 0. For 

instance, w(360) = w(2? - 37-5) =3. 

(a) Show that 2°” is a multiplicative function. 

(b) For a positive integer n, establish the formula 


t(n*) = >; 904) 


d|n 


For any positive integer n, prove that ae in td y= (Ya in td ae | | 
[Hint: Both sides of the equation in question are multiplicative functions of n, so that it 
suffices to consider the case n = p*, where p is a prime.] 

Given n > 1, let o,(n) denote the sum of the sth powers of the positive divisors of n; that 


1S, 
O;(n) = a d° 


d\n 


Verify the following: 
(a) 09 = T ando; =o. 
(b) o, is a multiplicative function. 
[Hint: The function f, defined by f(n) =n’, is multiplicative. | 
(c) Ifn = pi py .-+ p* is the prime factorization of n, then 


5(k, +1) S(k2+1) S(k, +1 
et ee i SY ee 
pi} Pp, — 1 Pp; — 1 
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23. For any positive integer n, show the following: 
(a) Doin a(d)= deajn(t/d)t (a). 
(b) ajn(2/d)o d) = Ale dt(d). 


[Hint: Because the functions 


F(n)=)oo(@) and = Gin) = > <r (d) 


d|n d|n 


are both multiplicative, it suffices to prove that F(p*) = G(p*) for any prime p.] 


6.2 THE MOBIUS INVERSION FORMULA 


We introduce another naturally defined function on the positive integers, the Mobius 
j-function. 


Definition 6.3. For a positive integer n, define wu by the rules 


1 ifn = 1 
u(n) = % 0 if p* |n for some prime p 
(-1)’ ifn = pi, p2--: p,, where p; are distinct primes 


Put somewhat differently, Definition 6.3 states that w(n) = O ifn is not a square- 
free integer, whereas u(n) = (—1)’ if n is square-free with r prime factors. For 
example: (30) = (2-3-5) = (—1)° = —1. The first few values of jz are 


MQ)=1 w2)=-1 wO@)=-1 wA)=0 wOSO)=-!1 wO)=1,... 


If p is a prime number, it is clear that 4(p) = —1; in addition, w(p*) = 0 fork > 2. 
As the reader may have guessed already, the M6bius jz-function is multiplicative. 
This is the content of Theorem 6.5. 


Theorem 6.5. The function yu is a multiplicative function. 


Proof. We want to show that uw(mn) = uw(m)u(n), whenever m and n are rela- 
tively prime. If either p?|m or p*|n, p a prime, then p* | mn; hence, u(mn) = 0 = 
ju(m) (n), and the formula holds trivially. We therefore may assume that both m and 


n are square-free integers. Say, m = pi P2--- Pr, nN = Gig2--- qs, With all the primes 
p; and q; being distinct. Then 


pu(mn) = L(P1 -* Dri * Gs) — (—1y*5 


= (-1)'(- 1? = wm)u(n) 
which completes the proof. 


Let us see what happens if (d) is evaluated for all the positive divisors d of 
an integer n and the results are added. In the case where n = 1, the answer is easy; 
here, 


> Hd) = 1) = 1 


d|1 
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Suppose that n > 1 and put 
F(n) = ) ud) 
d|n 


To prepare the ground, we first calculate F(n) for the power of a prime, say, n = p*. 


The positive divisors of p* are just the k + 1 integers 1, p, p*,..., p*, so that 


F(p*) = Y> w@) = wd) + wp) + wp?) ++ + wp) 
d| p* 
= wW1)+ wp)=14+(-1)=0 
Because yz is known to be a multiplicative function, an appeal to Theorem 6.4 is 
legitimate; this result guarantees that F also is multiplicative. Thus, if the canonical 
factorization ofnisn = a py vee p* , then F'(n) is the product of the values assigned 
to F for the prime powers in this representation: 


F(n) = F(p}') F(p3) --» F(p*) = 0 


We record this result as Theorem 6.6. 


Theorem 6.6. For each positive integer n > 1, 
1 ifn = 1 
d)= 
a { ifn >1 


where d runs through the positive divisors of n. 


For an illustration of this last theorem, consider n = 10. The positive divisors 
of 10 are 1, 2, 5, 10 and the desired sum is 


>_ Hd) = m1) + wQ) + WS) + 410) 
d|10 
=-1+(-1)+(-1)+1=0 


The full significance of the Mébius u-function should become apparent with 
the next theorem. 


Theorem 6.7 Mobius inversion formula. Let F and f be two number-theoretic 
functions related by the formula 


F(n)=)_ f@) 


d\n 


fo) = DMF (5) = a (=) Fa) 


Proof. The two sums mentioned in the conclusion of the theorem are seen to be the 
same upon replacing the dummy index d by d' = n/d; as d ranges over all positive 
divisors of n, so does d’. 


Then 
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Carrying out the required computation, we get 


Ye@F (5)=>0 (ua S ro) 


d|n d\n c|(n/d) 


(1) 


->( ¥ wero) 


d|n \c|(n/d) 


It is easily verified that d|n and c | (n/d) if and only if c|n and d | (n/c). Because of 
this, the last expression in Eq. (1) becomes 


»( » “afo) ->( 3 jou) 


d|n \c|(n/d) clin \d|(n/c) 
-d (re > “) 
c|n d|(n/c) 


In compliance with Theorem 6.6, the sum ) > d\ (n/c) j(d) must vanish except when 
n/c = 1 (that is, when n = c), in which case it is equal to 1; the upshot is that the 
right-hand side of Eq. (2) simplifies to 


» (vo > ua) =) 101 
c|n d|(n/c) c=n 
= f(n) 


giving us the stated result. 


Let us use n = 10 again to illustrate how the double sum in Eq. (2) is turned 
around. In this instance, we find that 


a ( > wap) = MOA) FC) + f(2) + f(5) + f0)] 


d|10 \c|(10/d) 
+ MFC) + f(S)]+ vOLFM + fBI 
+ “(10) fC) 
= fwd) + (2) + WS) + “(10)] 
+ f(2)[wd) + H(5)] + fG)[HO) + u@)] 
+ f(10)u(1) 


= »( Se proud) 


c|10 \d|(d0/c) 


To see how the M6bius inversion formula works in a particular case, we remind 
the reader that the functions t and o may both be described as “sum functions”: 


T(n) = ye and a(n) = yod 


d|n d|n 
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Theorem 6.7 tells us that these formulas may be inverted to give 
n n 
ba (=) ed and iS (=) od 
d (=) c@) d, u(=)o(d) 


which are valid for all n > 1. 

Theorem 6.4 ensures that if f is a multiplicative function, then so is F(n) = 
>-a\n J (a). Turning the situation around, one might ask whether the multiplicative 
nature of F forces that of f. Surprisingly enough, this is exactly what happens. 


Theorem 6.8. If F is a multiplicative function and 
ED = > 7@) 
d\n 


then f is also multiplicative. 


Proof. Let m and n be relatively prime positive integers. We recall that any divisor 
d of mn can be uniquely written as d = d,d2, where d | m, dz | n, and gcd(d, , d2) = 1. 
Thus, using the inversion formula, 


fon) = J) wa) F (—) 


d|mn 
= 0 did) (=) 
d, |m dd 
dy|n 
m n 
= d do)F{(—|F({— 
2H 1) u(do) (>) (=) 
dy|n 
m n 
— d,)F {| — d»)F | — 
pa 1) (7) om 2) (=) 
= f(m)f(n) 


which is the assertion of the theorem. Needless to say, the multiplicative character of 
yu and of F is crucial to the previous calculation. 


For n > 1, we define the sum 
M(n) =) wk) 
k=1 


Then M(n) is the difference between the number of square-free positive integers 
k <n with an even number of prime factors and those with an odd number of prime 
factors. For example, M(9) = 2 — 4 = —2. In 1897, Franz Mertens (1840-1927) 
published a paper with a 50-page table of values of M(n) for n = 1, 2,..., 10000. 
On the basis of the tabular evidence, Mertens concluded that the inequality 


|M(n)| < J/n n> 1 


is “very probable.” (In the previous example, |M(9)| = 2 < /9.) This conclusion 
later became known as the Mertens conjecture. A computer search carried out in 
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1963 verified the conjecture for all n up to 10 billion. But in 1984, Andrew Odlyzko 
and Herman te Riele showed that the Mertens conjecture is false. Their proof, which 
involved the use of a computer, was indirect and produced no specific value of n 
for which |M(n)| > ./n; all it demonstrated was that such a number n must exist 
somewhere. Subsequently, it has been shown that there is a counterexample to the 
Mertens conjecture for at least one n < (3.21)10%. 


PROBLEMS 6.2 


it 


(a) For each positive integer n, show that 
pw(n)u(n + l)u(n + 2)u(n + 3) = 0 
(b) For any integer n > 3, show that }°7_, w(k!) = 1. 


. The Mangoldt function A is defined by 
log p ifn = p* , where p is a prime and k > 1 
A(n) = 
0) otherwise 


Prove that A(n) = ae w(n/d)logd = — 974, Hd) log d. 
[Hint: First show that }°, 1n 4(d) = logn and then apply the Mobius inversion formula. ] 
ky ko 


. Letn = p;' p,’ --+ p* be the prime factorization of the integer n > 1. If f is a multiplica- 


tive function that is not identically zero, prove that 


YS" u@ f@) = = f(py) = f(p2))-+- = FCP) 


d|n 


[Hint: By Theorem 6.4, the function F defined by F(n) = )0, in L(d) f (d) is multiplica- 
tive; hence, F'(n) is the product of the values F'( pi ).] 


. If the integer n > 1 has the prime factorization n = pr pe ..- p*, use Problem 3 to 


establish the following: 

(a) dean H(d@)t(d) = (-1)’. 

(b) doajn HD (a) = (-1)" pi po: -: Pr- 

(C) doajn H(d)/d = (1 — 1/pi)0. — 1/p2)--- — 1/pr). 
(d) deain H(A) = A — pi) — po)--- (1 = pr). 


. Let S(n) denote the number of square-free divisors of n. Establish that 


S(n) =) |u(a)| = 2% 


d|n 


where w(n) is the number of distinct prime divisors of n. 
[Hint: S is a multiplicative function. ] 


. Find formulas for >), ia u*(d)/t(d) and pare j*(d)/o(d) in terms of the prime factor- 


ization of n. 


. The Liouville 4-function is defined by (1) = 1 and A(n) = (—1)' +++, if the prime 


em re ; k, k ; 
factorization of n > lisn = p;'p,’-:: pe. For instance, 


XG60) S40 3 5) 1p aS 1 =1 


(a) Prove that A is a multiplicative function. 


NUMBER-THEORETIC FUNCTIONS 117 


(b) Given a positive integer n, verify that 


> Md) = 


d|n 


1 if n = m? for some integer m 
0 otherwise 


8. For an integer 1 > 1, verify the formulas below: 
(a) ayn Md)ACd) = 2°. 
(b) doy), A(n/d)2° = 1. 


6.3 THE GREATEST INTEGER FUNCTION 


The greatest integer or “bracket” function [ ] is especially suitable for treating di- 
visibility problems. Although not strictly a number-theoretic function, its study has 
a natural place in this chapter. 


Definition 6.4. For an arbitrary real number x, we denote by [x] the largest integer 
less than or equal to x; that is, [x] is the unique integer satisfying x — 1 < [x] < x. 


By way of illustration, [ ] assumes the particular values 
[-3/2]=-2 [V2]=1 [1/3]=0 [x]=3 [-x]=-4 


The important observation to be made here is that the equality [x] = x holds if 
and only if x is an integer. Definition 6.4 also makes plain that any real number x 
can be written as 


x=[x]+0 


for a suitable choice of 6, with O < @ < 1. 
We now plan to investigate the question of how many times a particular prime 
p appears in n!. For instance, if p = 3 andn = 9, then 
91=1-2-3-4-5-6-7-8-9 
= 2/.34.5.7 
so that the exact power of 3 that divides 9! is 4. It is desirable to have a formula that 


will give this count, without the necessity of always writing n! in canonical form. 
This is accomplished by Theorem 6.9. 


Theorem 6.9. If is a positive integer and p a prime, then the exponent of the highest 
power of p that divides n! is 


where the series is finite, because [n/p*] = 0 for p* > n. 


Proof. Among the first n positive integers, those divisible by p are p, 2p,..., tp, 
where ¢ is the largest integer such that tp < n; in other words, ¢ is the largest integer 


118 ELEMENTARY NUMBER THEORY 


less than or equal to n/p (which is to say t = [n/p]). Thus, there are exactly [n/p] 
multiples of p occurring in the product that defines n!, namely, 


nh 
p.2p.---.] |p (1) 
PD 


The exponent of p in the prime factorization of n! is obtained by adding to the 
number of integers in Eq. (1), the number of integers among 1, 2, ..., divisible by 
p’, and then the number divisible by p?, and so on. Reasoning as in the first paragraph, 
the integers between 1 and n that are divisible by p? are 


n 
D. DD dine =| p’ (2) 
Pp 
which are [n/p] in number. Of these, [n/p*] are again divisible by p: 
n 
POP esis 5 Pp (3) 


After a finite number of repetitions of this process, we are led to conclude that the total 
number of times p divides n! is 


This result can be cast as the following equation, which usually appears under 
the name of the Legendre formula: 


n! — I] prtailn/P' 


psn 


Example 6.2. We would like to find the number of zeros with which the decimal 
representation of 50! terminates. In determining the number of times 10 enters into the 
product 50!, it is enough to find the exponents of 2 and 5 in the prime factorization of 
50!, and then to select the smaller figure. 

By direct calculation we see that 


[50/2] + [50/22] + [50/23] + [50/24] + [50/25] 
= 254+12+6+3+41 
— 47 


Theorem 6.9 tells us that 2*” divides 50!, but 2*° does not. Similarly, 
[50/5] + [50/57] = 10 +2 = 12 


and so the highest power of 5 dividing 50! is 12. This means that 50! ends with 12 
zeros. 


We cannot resist using Theorem 6.9 to prove the following fact. 
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Theorem 6.10. If n and r are positive integers with 1 <r <n, then the binomial 
coefficient 

n _ n! 

r}  r\(n—r)! 


Proof. The argument rests on the observation that if a and b are arbitrary real numbers, 
then [a + b] > [a] + [b]. In particular, for each prime factor p of r!(n —r)!, 


n r (n —Tr) 
sJe[a)[92] te 


Adding these inequalities, we obtain 


SGhEbbets] « 


k k k 
k>| LP par kL isl P 


is also an integer. 


The left-hand side of Eq. (1) gives the exponent of the highest power of the prime 
p that divides n!, whereas the right-hand side equals the highest power of this prime 
contained in r!(m — r)!. Hence, p appears in the numerator of n!/r!(n —r)! at least 
as many times as it occurs in the denominator. Because this holds true for every prime 
divisor of the denominator, r!(n — r)! must divide n!, making n!/r!(n — r)! an integer. 


Corollary. For a positive integer r, the product of any r consecutive positive integers 

is divisible by r!. 

Proof. The product of r consecutive positive integers, the largest of which is n, is 
n(n — 1)\(n — 2)---(n-—r+1) 


Now we have 


n! 
nia Donn =(T 


r'(n —r)! 


Because n!/r!(n — r)! is an integer by the theorem, it follows that r! must divide the 
product n(n — 1)---(n —r +1), as asserted. 


We pick up a few loose threads. Having introduced the greatest integer function, 
let us see what it has to do with the study of number-theoretic functions. Their 
relationship is brought out by Theorem 6.11. 


Theorem 6.11. Let f and F be number-theoretic functions such that 


F(n)= > fd) 


d|n 


Then, for any positive integer JN, 


N N N 
Y Fa) = >of | 
n=l k=1 
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Proof. We begin by noting that 
Lrw= Dy 


The strategy is to collect terms with equal values of f(d) in this double sum. For a 
fixed positive integer k < N, the term f(k) appears in > d\n J (d) if and only if k is 
a divisor of n. (Because each integer has itself as a divisor, the right-hand side of Eq. 
(1) includes f(k), at least once.) Now, to calculate the number of sums )), . f(d) in 
which f(k) occurs as a term, it is sufficient to find the number of integers among 1, 
2,..., N, which are divisible by k. There are exactly [NV /k] of them: 


(1) 


ay 
= 
S 


ke Uk ky] Ff 


Thus, for each k such that 1 <k < N, f(k)is aterm of the sum )_, in J (d) for [N/k] 
different positive integers less than or equal to N. Knowing this, we may rewrite the 
double sum in Eq. (1) as 


N N N 

> me fa =) f® Fa 
n= |n k=1 

and our task is complete. 


As an immediate application of Theorem 6.11, we deduce Corollary 1. 


Corollary 1. If N is a positive integer, then 


yo=>[F| 


1 


Proof. Noting that t(n) = >>, in 1, We may write t for F and take f to be the constant 
function f(n) = 1 for all n. 


In the same way, the relation o(n) = )/4,,, 4 yields Corollary 2. 


Corollary 2. If N is a positive integer, then 
N N 
N 
2 o(n) = >. n ~ 
n=1 n=1 i 
These last two corollaries, can perhaps, be clarified with an example. 


Example 6.3. Consider the case N = 6. The definition of t tells us that 


6 
\- t(n) = 
n=1 
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From Corollary 1, 


2.76 
3 | = [6] + [3] + [2] + [3/2] + [6/5] + [1] 


n=1 
=64+3424141+4+1 
= 14 


as it should. In the present case, we also have 


6 
a(n) = 33 
n=1 


and a simple calculation leads to 


6 
yon H = 1[6] + 2[3] + 3[2] + 4[3/2] + 516/5] + 6[1] 
n=1 


n 
=1-642-34+3-2+4-14+5-14+6-1 
= 39 


PROBLEMS 6.3 


1. 


2: 


mn & 


Given integers a and b > O, show that there exists a unique integer r with O <r < b 
satisfying a = [a/b]b+r. 
Let x and y be real numbers. Prove that the greatest integer function satisfies the following 
properties: 
(a) [x +n] = [x] +n for any integer n. 
(b) [x] + [—x] = 0 or —1, according as x is an integer or not. 
[Hint: Write x = [x] + 6, withO < 6 < 1, so that —x = —[x] -—1+( —- @).] 
(c) [x] + [y] < [x + y] and, when x and y are positive, [x][y] < [xy]. 
(d) [x/n] = [[x]/n] for any positive integer n. 
[Hint: Let x/n = [x/n]+ 0, where 0 < 6 < 1; then [x] = n[x/n] + [n@].] 
(e) [nm/k] => n[m/k] for positive integers, n, m, k. 
(f) [x] + [y] + [x + y] s [2x] + [2y]. 
[Hint: Let x = [x] + 6,0 < 6 < l,and y = [y] + 0’,0 < 6’ < 1. Consider cases in 
which neither, one, or both of 6 and 0’ are greater than or equal to +] 


. Find the highest power of 5 dividing 1000! and the highest power of 7 dividing 2000!. 
. For an integer n > 0, show that [n/2] — [—n/2] =n. 
. (a) Verify that 1000! terminates in 249 zeros. 


(b) For what values of n does n! terminate in 37 zeros? 


. Ifn > 1 and p isa prime, prove that 


(a) (2n)!/(n!)? is an even integer. 
[Hint: Use Theorem 6.10.] 
(b) The exponent of the highest power of p that divides (2n)!/(n!)* is 


> (lal-2Le) 
7 as (ee 

ea NLP p 

(c) In the prime factorization of (2n)!/(n!)* the exponent of any prime p such that 
n < p < 2n is equal to 1. 
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7. Let the positive integer n be written in terms of powers of the prime p so that we have 
n=agp* +---+ap* +a,p +a, where 0 < a; < p. Show that the exponent of the 
highest power of p appearing in the prime factorization of n! is 

n— (ay +--+ +a. +a; + a) 
p- 1 

8. (a) Using Problem 7, show that the exponent of highest power of p dividing (p* — 1)! 
is [p* —(p — 1)k — 1]/(p — 1). 
[Hint: Recall the identity p* — 1 = (p — 1)(p*"! +--+ + p*? + p+1)] 

(b) Determine the highest power of 3 dividing 80! and the highest power of 7 dividing 

2400!. 
[Hint: 2400 = 7* — 1.] 

9. Find an integer n > 1 such that the highest power of 5 contained in n! is 100. 

[Hint: Because the sum of coefficients of the powers of 5 needed to express n in the base 
5 is at least 1, begin by considering the equation (n — 1)/4 = 100.] 
10. Given a positive integer NV, show the following: 
(a) y=) H@)LN/n] = 1. 
(b) | Dar H(n)/nl < 1. 
11. Illustrate Problem 10 in the case where N = 6. 
12. Verify that the formula 


x7] 1 


holds for any positive integer N. 
[Hint: Apply Theorem 6.11 to the multiplicative function F(n) = >, in A(d), noting that 
there are [./n] perfect squares not exceeding n.] 
13. If N is a positive integer, establish the following: 
(a) N= oO cn) — OM 2N/n]. 
(b) t(N) = Yn (LN/n] — ((N — 1)/n)). 


6.4 AN APPLICATION TO THE CALENDAR 


Our familiar calendar, the Gregorian calendar, goes back as far as the second half 
of the 16th century. The earlier Julian calendar, introduced by Julius Caesar, was 
based on a year of 3654 days, with a leap year every fourth year. This was not a 
precise enough measure, because the length of a solar year—the time required for 
the earth to complete an orbit about the sun—is apparently 365.2422 days. The small 
error meant that the Julian calendar receded a day from its astronomical norm every 
128 years. 

By the 16th century, the accumulating inaccuracy caused the vernal equinox 
(the first day of Spring) to fall on March 11 instead of its proper day, March 21. 
The calendar’s inaccuracy naturally persisted throughout the year, but at this season 
it meant that the Easter festival was celebrated at the wrong astronomical time. 
Pope Gregory XIII rectified the discrepancy in a new calendar, imposed on the 
predominantly Catholic countries of Europe. He decreed that 10 days were to be 
omitted from the year 1582, by having October 15 of that year immediately follow 
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October 4. At the same time, the Jesuit mathematician Christopher Clavius amended 
the scheme for leap years: these would be years divisible by 4, except for those 
marking centuries. Century years would be leap years only if they were divisible by 
400. (For example, the century years 1600 and 2000 are leap years, but 1700, 1800, 
1900, and 2100 are not.) 

Because the edict came from Rome, Protestant England and her possessions— 
including the American colonies—resisted. They did not officially adopt the Gre- 
gorian calendar until 1752. By then it was necessary to drop 11 days in September 
from the Old Style, or Julian, calendar. So it happened that George Washington, who 
was born on February 11, 1732, celebrated his birthday as an adult on February 22. 
Other nations gradually adopted the reformed calendar: Russia in 1918, and China 
as late as 1949. 

Our goal in the present section is to determine the day of the week for a given 
date after the year 1600 in the Gregorian calendar. Because the leap year day is added 
at the end of February, let us adopt the convenient fiction that each year ends at the 
end of February. According to this plan, in the Gregorian year Y March and April 
are counted as the first and second months. January and February of the Gregorian 
year Y + 1 are, for convenience, counted as the eleventh and twelfth months of the 
year Y. 

Another convenience is to ne the days of the week, Sunday through 
Saturday, by the numbers 0, 1, ..., 6: 


Sun Mon Tue Wed Thu Fri Sat 
0) 1 2 3 4 5 6 


The number of days in a common year is 365 = 1 (mod 7), whereas in leap 
years there are 366 = 2 (mod 7) days. Because February 28 is the 365th day of the 
year, and 365 = 1 (mod 7), February 28 always falls on the same weekday as the 
previous March 1. Thus if a particular March 1 immediately follows February 28, 
its weekday number will be one more, modulo 7, than the weekday number of the 
previous March 1. But if it follows a leap year day, February 29, its weekday number 
will be increased by two. 

For instance, if Dj699 is the weekday number for March 1, 1600, then March 1 
in the years 1601, 1602, and 1603 has numbers congruent modulo 7 to Dj699 + 1, 
D600 + 2, and Dj600 + 3, respectively; but the number corresponding to March 1, 
1604 is Di600 + 5 (mod 7). 

We can summarize this: the weekday number Dy for March 1 of any year 
Y > 1600 will satisfy the congruence 


Dy = Dyie600 + (Y — 1600) + L (mod 7) (1) 


where L is the number of leap year days between March 1, 1600 and March 1 of the 
year Y. 

Let us first find L, the number of leap year days between 1600 and the year Y. 
To do this, we count the number of these years that are divisible by 4, deduct the 
number of century years, and then add back the number of century years divisible by 
400. According to Problem 2(a) of Section 6.3, [x — a] = [x] — a whenever a is an 
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integer. Hence the number of years n in the interval 1600 < n < Y that are divisible 


by 4 is given by 
Y — 1600 Y Y 
————— | = | — — 400} = | — | — 400 
4 4 4 


Likewise, the number of elapsed century years is 


gL a ee | ee a 
100 100 100 


whereas among those there are 


y—1600] [ Y fli Y ; 
400 ~ | 400 ~ | 400 


century years that are divisible by 400. Taken together, these statements yield 
Y Y Y 
L={||—|-400)-—[{|——]|-16 —|-—4 
([3 (Fa )+ (Fa 
Y Y Y 
So) | ee | | BS 
4 100 400 


Let us obtain, for a typical example, the number of leap years between 1600 and 
1995. We compute: 
L = [1995/4] — [1995/100] + [1995 /400] — 388 
= 498 — 19+ 4 — 388 = 95 


Together with congruence (1), this allows us to find a value for Dj699. Days 
and dates of recent years can still be recalled; we can easily look up the weekday 
(Wednesday) for March 1, 1995. That is, Dj995 = 3. Then from (1), 


3 = Dyooo + (1995 — 1600) + 95 = Dio (mod 7) 


and so March 1, 1600 also occurred on a Wednesday. The congruence giving the 
day of the week for March 1 in any year Y may now be reformulated as 


Dy =3+(Y — 1600) + L (mod 7) (2) 
An alternate formula for L comes from writing the year Y as 
Y = 100c + y 0<y< 100 


where c denotes the number of centuries and y the year number within the century. 
Upon substitution, the previous expression for L becomes 


y y cy 
ail lars carts 


y C 
—9A |= | A _ 388 
c+ r alr m 
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(Notice that [y/100] = 0 and y/400 < i.) Then the congruence for Dy appears as 


Dy =3+(100c + y — 1600) + 24¢ + | ru A — 388 (mod 7) 


which reduces to 
C 


Dy =3-2+y+[5 


|+ A (mod 7) (3) 


Example 6.4 We can use the latest congruence to calculate the day of the week on 
which March 1, 1990 fell. For this year, c = 19 and y = 90 to that (3) gives 


= 55444 22 = 4 (mod 7) 


March 1 was on a Thursday in 1990. 


We move on to determining the day of the week on which the first of each month 
of the year would fall. Because 30 = 2 (mod 7), a 30-day month advances by two 
the weekday on which the next month begins. A 31-day month increases it by 3. So, 
for example, the number of June 1 will always be 3 + 2 +3 = 1 (mod 7) greater 
than that of the preceding March 1 because March, April, and May are months of 
31, 30, and 31 days, respectively. The table below gives the value that must be added 
to the day-number of March 1 to arrive at the number of the first day of each month 
in any year Y. 


March 0O September 2 

April 3 October 4 

May 5 November 0 

June 1 December 2 

July 3 January 5 

August 6 February 1 
Form = 1,2,..., 12, the expression 


[(2.6)m — 0.2] — 2 (mod 7) 


produces the same monthly increases as indicated by the table. Thus the number of 
the first day of the mth month of the year Y is given by 


Dy + [(2.6)m — 0.2] — 2 (mod 7) 
Taking December 1, 1990, as an example, we have 
Dj999 + [(2.6)10 — 0.2] — 2 =4+4 25 — 2 = 6 (mod 7) 


that is, the first of December in 1990 fell on a Saturday. 
Finally, the number w of day d, month m, year Y = 100c + y is determined 
from congruence 


w =(d—-1)4+ Dy + [(2.6)m — 0.2] — 2 (mod 7) 
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We can use Eq. (3) to recast this: 

C 
4 
We summarize the results of this section in the following theorem. 


WA ga(O 6m=0 21 ek < A (mod 7) (4) 


Theorem 6.12. The date with month m, day d, year Y = 100c + y where c > 16 and 
0 < y < 100, has weekday number 

C 
4 
provided that March is taken as the first month of the year and January and February 


are assumed to be the eleventh and twelfth months of the previous year. 
Let us give an example using the calendar formula. 


w = d+ [2.6m —0.2]-2c+ y +| ]+[5] (mod 7) 


Example 6.5. On what day of the week will January 14, 2020 occur? 
In our convention, January of 2020 is treated as the eleventh month of the year 
2019. The weekday number corresponding to its fourteenth day is computed as 


w = 14+ [(2.6)11 — 0.2] — 40+ 19 + [20/4] + [19/4] 
= 144 28 —404+ 194+5+4=2 (mod 7) 


We conclude that January 14, 2020 will take place on a Tuesday. 
An interesting question to ask about the calendar is whether every year contains a 
Friday the thirteenth. Phrased differently, does the congruence 
C 


A 7 7 ere 


hold for each year Y = 100c + y? Notice that the expression [(2.6)m — 0.2] assumes, 
modulo 7, each of the values 0, 1, ..., 6. as m varies from 3 to 9—-values corresponding 
to the months May through November. Hence there will always be a month for which 
the indicated congruence is satisfied: in fact, there will always be a Friday the thirteenth 
during these seven months of any year. For the year 2022, as an example, the Friday 
the thirteenth congruence reduces to 


0 = [(2.6)m — 0.2] (mod 7) 


5 = 13 + [2.6m —0.2]-2¢+y+| 


which holds when m = 3. In 2022, there is a Friday the thirteenth in May. 


PROBLEMS 6.4 


1. Find the number n of leap years such that 1600 < n < Y, when 
(a) Y = 1825. 
(b) Y = 1950. 
(c) Y = 2075. 
2. Determine the day of the week on which you were born. 
3. Find the day of the week for the important dates below: 
(a) November 19, 1863 (Lincoln’s Gettysburg Address). 
(b) April 18, 1906 (San Francisco earthquake). 
(c) November 11, 1918 (Great War ends). 
(d) October 24, 1929 (Black Day on the New York stock market). 
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(e) June 6, 1944 (Allies land in Normandy). 
(f) February 15, 1898 (Battleship Maine blown up). 
4. Show that days with the identical calendar date in the years 1999 and 1915 fell on the 
same day of the week. 
[Hint: If W, and W, are the weekday numbers for the same date in 1999 and 1915, 
respectively, verify that W; — W2 = 0 (mod 7).] 
5. For the year 2010, determine the following: 
(a) the calendar dates on which Mondays will occur in March. 
(b) the months in which the thirteenth will fall on a Friday. 
6. Find the years in the decade 2000 to 2009 when November 29 is on a Sunday. 


CHAPTER 


/ 


EULER’S GENERALIZATION OF 
FERMAT’S THEOREM 


Euler calculated without apparent effort, just as men breathe, as 
eagles sustain themselves in the air. 
ARAGO 


7.1 LEOQNHARD EULER 


The importance of Fermat’s work resides not so much in any contribution to the 
mathematics of his own day, but rather in its animating effect on later generations 
of mathematicians. Perhaps the greatest disappointment of Fermat’s career was his 
inability to interest others in his new number theory. A century was to pass before a 
first-class mathematician, Leonhard Euler (1707-1783), either understood or appre- 
ciated its significance. Many of the theorems announced without proof by Fermat 
yielded to Euler’s skill, and it is likely that the arguments devised by Euler were not 
substantially different from those that Fermat said he possessed. 

The key figure in 18th century mathematics, Euler was the son of a Lutheran 
pastor who lived in the vicinity of Basel, Switzerland. Euler’s father earnestly wished 
him to enter the ministry and sent his son, at the age of 13, to the University of Basel to 
study theology. There the young Euler met Johann Bernoulli—then one of Europe’s 
leading mathematicians—and befriended Bernoulli’s two sons, Nicolaus and Daniel. 
Within a short time, Euler broke off the theological studies that had been selected for 
him to address himself exclusively to mathematics. He received his master’s degree 
in 1723, and in 1727 at the age of 19, he won a prize from the Paris Academy of 
Sciences for a treatise on the most efficient arrangement of ship masts. 
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Leonhard Euler 
(1707-1783) 


(Dover Publications, Inc.) 


Where the 17th century had been an age of great amateur mathematicians, the 
18th century was almost exclusively an era of professionals—university professors 
and members of scientific academies. Many of the reigning monarchs delighted in 
regarding themselves as patrons of learning, and the academies served as the in- 
tellectual crown jewels of the royal courts. Although the motives of these rulers 
may not have been entirely philanthropic, the fact remains that the learned societies 
constituted important agencies for the promotion of science. They provided salaries 
for distinguished scholars, published journals of research papers on a regular ba- 
sis, and offered monetary prizes for scientific discoveries. Euler was at different 
times associated with two of the newly formed academies, the Imperial Academy at 
St. Petersburg (1727-1741; 1766-1783) and the Royal Academy in Berlin (1741-— 
1766). In 1725, Peter the Great founded the Academy of St. Petersburg and at- 
tracted anumber of leading mathematicians to Russia, including Nicolaus and Daniel 
Bernoulli. On their recommendation, an appointment was secured for Euler. Because 
of his youth, he had recently been denied a professorship in physics at the Univer- 
sity of Basel and was only too ready to accept the invitation of the Academy. In 
St. Petersburg, he soon came into contact with the versatile scholar Christian 
Goldbach (of the famous conjecture), a man who subsequently rose from professor 
of mathematics to Russian Minister of Foreign Affairs. Given his interests, it seems 
likely that Goldbach was the one who first drew Euler’s attention to the work of 
Fermat on the theory of numbers. 

Euler eventually tired of the political repression in Russia and accepted the call 
of Frederick the Great to become a member of the Berlin Academy. The story is told 
that, during a reception at Court, he was kindly received by the Queen Mother who 
inquired why so distinguished a scholar should be so timid and reticent; he replied, 
“Madame, it is because I have just come from a country where, when one speaks, 
one is hanged.” However, flattered by the warmth of the Russian feeling toward him 
and unendurably offended by the contrasting coolness of Frederick and his court, 
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Euler returned to St. Petersburg in 1766 to spend his remaining days. Within two or 
three years of his return, Euler became totally blind. 

However, Euler did not permit blindness to retard his scientific work; aided by 
a phenomenal memory, his writings grew to such enormous proportions as to be 
virtually unmanageable. Without a doubt, Euler was the most prolific writer in the 
entire history of mathematics. He wrote or dictated over 700 books and papers in his 
lifetime, and left so much unpublished material that the St. Petersburg Academy did 
not finish printing all his manuscripts until 47 years after his death. The publication 
of Euler’s collected works was begun by the Swiss Society of Natural Sciences in 
1911 and it is estimated that more than 75 large volumes will ultimately be required 
for the completion of this monumental project. The best testament to the quality of 
these papers may be the fact that on 12 occasions they won the coveted biennial 
prize of the French Academy in Paris. 

During his stay in Berlin, Euler acquired the habit of writing memoir after 
memoir, placing each when finished at the top of a pile of manuscripts. Whenever 
material was needed to fill the Academy’s journal, the printers helped themselves 
to a few papers from the top of the stack. As the height of the pile increased more 
rapidly than the demands made upon it, memoirs at the bottom tended to remain in 
place a long time. This explains how it happened that various papers of Euler were 
published, when extensions and improvements of the material contained in them had 
previously appeared in print under his name. We might also add that the manner in 
which Euler made his work public contrasts sharply with the secrecy customary in 
Fermat’s time. 


7.2 EULER’S PHI-FUNCTION 


This chapter deals with that part of the theory arising out of the result known as Euler’s 
Generalization of Fermat’s Theorem. In a nutshell, Euler extended Fermat’s theorem, 
which concerns congruences with prime moduli, to arbitrary moduli. While doing so, 
he introduced an important number-theoretic function, described in Definition 7.1. 


Definition 7.1. Forn > 1, let é(n) denote the number of positive integers not exceeding 
n that are relatively prime to n. 


As an illustration of the definition, we find that (30) = 8; for, among the 
positive integers that do not exceed 30, there are eight that are relatively prime to 30; 
specifically, 


1,7, 11, 13, 17, 19, 23, 29 
Similarly, for the first few positive integers, the reader may check that 
P(1) = 1, $(2) = 1, 6(3) = 2, (4) = 2, (5) = 4, 
o(6) = 2, d(7) = 6,... 


Notice that 6(1)=1, because gcd(1,1)=1. In the event n> 1, then 
gcd(n,n) = n #1, so that é(n) can be characterized as the number of integers 
less than n and relatively prime to it. The function @ is usually called the Euler 
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phi-function (sometimes, the indicator or totient) after its originator; the functional 
notation @(n), however, is credited to Gauss. 

If n is a prime number, then every integer less than n is relatively prime to 
it; whence, ¢(n) = n — 1. On the other hand, if nm > 1 is composite, then n has a 
divisor d such that 1 < d < n. It follows that there are at least two integers among 
1, 2,3,...,n that are not relatively prime to n, namely, d and n itself. As a result, 
b(n) <n — 2. This proves that forn > 1, 


o(n) =n—1 if and only if 1 is prime 


The first item on the agenda is to derive a formula that will allow us to calculate 
the value of é(n) directly from the prime-power factorization of n. A large step in 
this direction stems from Theorem 7.1. 


Theorem 7.1. If p is a prime and k > 0, then 
o(p*) = p* — p** = p* (: - 


Proof. Clearly, gcd(n , p*) = 1 if and only if p J n. There are p*~! integers between 
1 and p* divisible by p, namely, 


p,2p,3p,.--,(p*')p 


Thus, the set {1,2,..., p*} contains exactly p* — p*~' integers that are relatively 
prime to p*, and so by the definition of the phi-function, @(p*) = p* — p*7?. 


For an example, we have 
$(9) = $(3°) = 3° -3 =6 


the six integers less than and relatively prime to 9 being 1, 2, 4, 5, 7, 8. To give a 
second illustration, there are 8 integers that are less than 16 and relatively prime to 
it; they are 1, 3,5, 7, 9, 11, 13, 15. Theorem 7.1 yields the same count: 


(16) = o(2*) = 24*-2? = 16-8 =8 


We now know how to evaluate the phi-function for prime powers, and our aim 
is to obtain a formula for ¢(n) based on the factorization of n as a product of primes. 
The missing link in the chain is obvious: Show that ¢ is a multiplicative function. 
We pave the way with an easy lemma. 


Lemma. Given integers a, b, c, gcd(a, bc) = 1 if and only if gcd(a, b) = 1 and 
gcd(a,c) = 1. 


Proof. First suppose that gcd(a , bc) = 1, and put d = gcd(a, b). Thend |a andd |b, 
whence d | a and d | bc. This implies that gcd(a , bc) > d, which forces d = 1. Similar 
reasoning gives rise to the statement gcd(a,c) = 1. 

For the other direction, take gcd(a,b)=1=gcd(a,c) and assume that 
gcd(a , bc) = d,; > 1. Then d; must have a prime divisor p. Because d, | bc, it follows 
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that p | bc; in consequence, p |b or p|c. If p |b, then (by virtue of the fact that p | a) 
we have gcd(a, b) > p, a contradiction. In the same way, the condition p|c leads 
to the equally false conclusion that gcd(a,c) > p. Thus, d; = 1 and the lemma is 
proven. 


Theorem 7.2. The function ¢ is a multiplicative function. 


Proof. It is required to show that ¢(mn) = ¢(m)d(n), wherever m and n have no 
common factor. Because #(1) = 1, the result obviously holds if either m or n equals 
1. Thus, we may assume that m > 1 andn > 1. Arrange the integers from 1 to mn in 
m columns of n integers each, as follows: 


1 2 sas r ee om 
m+1 m+2 m+r 2m 


2n+ 1 2m + 2 2n+r 3m 


(n—1)m+1 (n—1)m+2 (n—l1)m+r nm 


We know that @(mn) is equal to the number of entries in this array that are relatively 
prime to mn; by virtue of the lemma, this is the same as the number of integers that 
are relatively prime to both m and n. 

Before embarking on the details, it is worth commenting on the tactics to be 
adopted: Because gcd(qm + r,m) = gcd(r , m), the numbers in the rth column are 
relatively prime to m if and only if r itself is relatively prime to m. Therefore, only 
@(m) columns contain integers relatively prime to m, and every entry in the column 
will be relatively prime to m. The problem is one of showing that in each of these 
@(m) columns there are exactly ¢(n) integers that are relatively prime to n; for then 
altogether there would be 6(m)@(n) numbers in the table that are relatively prime to 
both m and n. 

Now the entries in the rth column (where it is assumed that gcd(r , m) = 1) are 


rm+r,2m+r,...,a—l)m+r 


There are n integers in this sequence and no two are congruent modulo n. Indeed, 
if 


km+r=jm+r (modn) 


withO < k < j <n, it would follow that km = jm (mod n). Because gcd(m , n) = 1, 
we could cancel m from both sides of this congruence to arrive at the contradiction 
that kK = j (mod n). Thus, the numbers in the rth column are congruent modulo n to 
0,1,2,...,2 —1,in some order. But if s = t (mod n), then gcd(s , n) = 1 if and only 
if gcd(t ,) = 1. The implication is that the rth column contains as many integers that 
are relatively prime to n as does the set {0,1,2,...,” — 1}, namely, #(n) integers. 
Therefore, the total number of entries in the array that are relatively prime to both m 
and n is @(m)d(n). This completes the proof of the theorem. 


With these preliminaries in hand, we now can prove Theorem 7.3. 
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Theorem 7.3. If the integer n > 1 has the prime factorization n = pt py nae p* , then 


k aes k bee = 
p(n) = (pi sat i ) (pr =p : mets (pir =P 7) 


(-D)O-Bot-2 


Proof. We intend to use induction on r, the number of distinct prime factors of n. By 
Theorem 7.1, the result is true for r = 1. Suppose that it holds for r = 7. Because 


ged (pi! pi?--- pi". piv) =1 
the definition of multiplicative function gives 
@((pi' pi) pitt) = 0 (pit pi) @ (pit) 
= 6 (pit --- pi) (pit — pet’) 
Invoking the induction assumption, the first factor on the right-hand side becomes 
& (pit pe pit) = (pt! — ptt") (pe — pe!) (pi - pi) 


and this serves to complete the induction step, and the proof. 


Example 7.1. Let us calculate the value 6(360), for instance. The prime-power de- 
composition of 360 is 2° - 3* - 5, and Theorem 7.3 tells us that 


1 1 1 
(360) = 360 (: = 5) (: 7 5) (: _ :) 


The sharp-eyed reader will have noticed that, save for 6(1) and ¢(2), the values of 
o(n) in our examples are always even. This is no accident, as the next theorem shows. 


Theorem 7.4. For n > 2, @(n) is an even integer. 


Proof. First, assume that n is a power of 2, let us say that n = 2* with k > 2. By 
Theorem 7.3, 


p(n) = p(2*) = ok (1 — ;) — gk-1 


an even integer. If n does not happen to be a power of 2, then it is divisible by an odd 
prime p; we therefore may write n as n = p*m, where k > 1 and gcd(p* ,m) = 1. 
Exploiting the multiplicative nature of the phi-function, we obtain 


o(n) = o(p*)o(m) = p*"'(p — 1)d(m) 


which again is even because 2 | p — 1. 


We can establish Euclid’s theorem on the infinitude of primes in the following 
new way. As before, assume that there are only a finite number of primes. Call them 
P1, P2,---, Pr and consider the integern = p) p2--- pr. We argue thatif 1 <a <n, 
then gcd(a , n) ¥ 1. For, the Fundamental Theorem of Arithmetic tells us that a has 
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a prime divisor g. Because p, p2,..., py are the only primes, g must be one of 
these p;, whence g |n; in other words, gcd(a , n) > q. The implication of all this is 
that @(n) = 1, which clearly is impossible by Theorem 7.4. 


PROBLEMS 7.2 


10. 


11. 


12. 


1. Calculate (1001), 6(5040), and (36,000). 
2. 
3. Show that the integers m=3*- 568 and n=3*- 638, where k>0, satisfy 


Verify that the equality d(n) = d(n + 1) = d(m + 2) holds when n = 5186. 


simultaneously 


t(m) = t(n), o(m)=o(n),and = g(m) = o(n) 


. Establish each of the assertions below: 


(a) If n is an odd integer, then @(2n) = O(n). 

(b) If n is an even integer, then 6(2n) = 2¢(n). 

(c) @(3n) = 3¢(n) if and only if 3 | n. 

(d) d(3n) = 2¢(n) if and only if 3 J} n. 

(e) d(n) = n/2 if and only if n = 2* for some k > 1. 
[Hint: Write n = 2‘ N, where N is odd, and use the condition ¢(n) = n/2 to show 
that N = 1.] 


. Prove that the equation ¢(n) = $(n + 2) is satisfied by n = 2(2p — 1) whenever p and 


2p — | are both odd primes. 


. Show that there are infinitely many integers n for which (n) is a perfect square. 


[Hint: Consider the integers n = 27**! fork = 1,2,....] 


. Verify the following: 


(a) For any positive integer n, 5 n< d(n) <n. 
[Hint: Writen = 2k0 pi! --» pk sog(n) = 27! p -- p&p, — 1)-+ (py — 1). 
Now use the inequalities p—1> ./p and k— 5 >k/2 to obtain $(n) > 
Dko-1 ky /2 a k, /2 ] 
P, Pr: 
(b) If the integer n > 1 has r distinct prime factors, then O(n) > n/2’. 
(c) Ifn > 1 isa composite number, then ¢(n) < n — J/n. 
(Hint: Let p be the smallest prime divisor of n, so that p< ./n. Then 


p(n) <n(1 — 1/p).] 


ki-1 
I 


. Prove that if the integer n has r distinct odd prime factors, then 2” | d(n). 
. Prove the following: 


(a) If n and n + 2 are a pair of twin primes, then é(n + 2) = O(n) + 2; this also holds 
forn = 12, 14, and 20. 
(b) If p and 2p + 1 are both odd primes, then n = 4p satisfies O(n + 2) = O(n) + 2. 
If every prime that divides n also divides m, establish that 6(1m) = n¢@(m); in particular, 
o(n*) = n@(n) for every positive integer n. 
(a) If O(n) |n — 1, prove that n is a square-free integer. 
[Hint: Assume that n has the prime factorization n = pr py ..» pk, where k, > 2. 
Then p; | (nm), whence p, | — 1, which leads to a contradiction. ] 
(b) Show that ifn = 2* or 2*3/, with k and j positive integers, then (n) | n. 
Ifn = p;'p® --- p*, derive the following inequalities: 
(a) o(n)p(n) > n7(1 — 1/pp) — 1/p3)--- (1 — 1/p?). 
(b) t(n)b(n) = n. 
[Hint: Show that t(n)O(n) > 2” -n(1/2)’.] 
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13. Assuming that d |n, prove that d(d) | d(n). 
[Hint: Work with the prime factorizations of d and n.] 

14. Obtain the following two generalizations of Theorem 7.2: 
(a) For positive integers m and n, where d = gcd(m, n), 


o(d) 
d 


p(m)p(n) = d(mn) 
(b) For positive integers m and n, 
p(m)o(n) = o(gcd(m , n))p(Icm(m , n)) 


15. Prove the following: 
(a) There are infinitely many integers n for which ¢(n) = n/3. 
[Hint: Consider n = 2*3/, where k and j are positive integers. ] 
(b) There are no integers n for which ¢(n) = n/4. 
16. Show that the Goldbach conjecture implies that for each even integer 2n there exist 
integers n; and n2 with d(n;) + d(n2) = 2n. 
17. Given a positive integer k, show the following: 
(a) There are at most a finite number of integers n for which ¢(n) = k. 
(b) If the equation ¢(n) = k has a unique solution, say n = no, then 4| 7. 
[Hint: See Problems 4(a) and 4(b).] 
A famous conjecture of R. D. Carmichael (1906) is that there is no k for which the 
equation @(n) = k has precisely one solution; it has been proved that any counterex- 
ample n must exceed 1010000000. 
18. Find all solutions of d(n) = 16 and d(n) = 24. 
[Hint: If n = p;'p’? --- p* satisfies (n) = k, then n = [k/TI(p; — 1)]p;. Thus the 
integers d; = p; — 1 can be determined by the conditions (1) d; | k, (2) d; + 1 is prime, 
and (3) k/I1d; contains no prime factor not in ITp;.] 
19. (a) Prove that the equation ¢(n) = 2p, where p is a prime number and 2p + 1 is com- 
posite, is not solvable. 
(b) Prove that there is no solution to the equation ¢(n) = 14, and that 14 is the smallest 
(positive) even integer with this property. 
20. If p is a prime and k > 2, show that #(¢(p*)) = p*~*@((p — 1)°). 
21. Verify that d(n) 0 (n) is a perfect square when n = 63457 = 23 - 31 - 89. 


7.3 > EULER’S THEOREM 


As remarked earlier, the first published proof of Fermat’s theorem (namely that 
a?~! =1 (mod p)if p / a) was given by Euler in 1736. Somewhat later, in 1760, he 
succeeded in generalizing Fermat’s theorem from the case of a prime p to an arbitrary 
positive integer n. This landmark result states: If gcd(a,n) = 1, then a?” = 1 
(mod n). 

For example, putting n = 30 anda = 11, we have 


119°" = 118 = (11°)* = (121)4 = 1* = 1 (mod 30) 


As a prelude to launching our proof of Euler’s generalization of Fermat’s theo- 
rem, we require a preliminary lemma. 
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Lemma. Let n > 1 and gcd(a,n) = 1. If a1, az, ..., dg are the positive integers 
less than n and relatively prime to n, then 


aa,,aa2,..., aAaAg(n) 
are congruent modulo n to a1, a2, ... , Agn) In Some order. 
Proof. Observe that no two of the integers aa), daz, ..., dag») are congruent modulo 


n. For if aa; = aa; (mod n), with 1 <i < j < $(m), then the cancellation law yields 
a; = aj; (modn), and thus a; = a;,a contradiction. Furthermore, because gcd(a; ,n) = 
1 for alli and gcd(a , n) = 1, the lemma preceding Theorem 7.2 guarantees that each 
of the aa; is relatively prime to n. 

Fixing on a particular aa;, there exists a unique integer b, where 0 < b < n, for 
which aa; = b (mod n). Because 


gcd(b ,n) = gcd(aa; ,n) = 1 


b must be one of the integers a, dz, ..., Ayn). All told, this proves that the numbers 
ad\, Aa2,..., Adgn) and the numbers a1, a2, ..., Ag(n) are identical (modulo n) ina 
certain order. 


Theorem 7.5 Euler. If n > 1 and gcd(a,n) = 1, thena®” = 1 (mod n). 


Proof. There is no harm in taking n > 1. Let a1, ao, ..., dyin) be the positive integers 
less than n that are relatively prime to n. Because gcd(a , n) = 1, it follows from the 
lemma that aq), aa2, ..., agin) are congruent, not necessarily in order of appearance, 
tO a1, a2,..., Agn). Then 


aa, =a} (mod n) 


daz = a, (mod n) 


where a}, @5,..., Asn) are the integers a1, a2, ..., gin) in some order. On taking the 
product of these ¢(n) congruences, we get 


(aaj )(adz) ++ - (ddgn)) = a, a5 -- Ayn) (mod n) 
= a\a2°*+ Agony (mod n) 
and so 
a? (ayaq +++ Agny) = 4142 «++ Ag (mod n) 


Because gcd(a; ,n) = 1 for each 7, the lemma preceding Theorem 7.2 implies that 
gcd(a1a2 ---dagin),n) = 1. Therefore, we may divide both sides of the foregoing 
congruence by the common factor a1 a2 - - - dgq~m), leaving us with 


a?” = | (modn) 
This proof can best be illustrated by carrying it out with some specific numbers. 
Let n = 9, for instance. The positive integers less than and relatively prime to 9 are 


1,2, 4,5, 7,8 
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These play the role of the integers a), a2, ..., Agim) in the proof of Theorem 7.5. If 
a = —4, then the integers aa; are 


—4, —8, —16, —20, —28, —32 
where, modulo 9, 
—4=5 -8$=1 -l16=2 -20=7 -28=8 -32=4 
When the above congruences are all multiplied together, we obtain 
(—4)(—8)(—16)(—20)(—28)(—32) = 5-1-2-7-8-4 (mod 9) 
which becomes 
(1-2-4-5-7-8)(—4)° =(1-2-4-5-7-8) (mod 9) 
Being relatively prime to 9, the six integers 1, 2, 4, 5, 7, 8 may be canceled succes- 
sively to give 
(—4)° = 1 (mod 9) 
The validity of this last congruence is confirmed by the calculation 
(—4)° = 4° = (64) = 17 = 1 (mod 9) 
Note that Theorem 7.5 does indeed generalize the one credited to Fermat, which 


we proved earlier. For if p is a prime, then @(p) = p — 1; hence, when gcd(a, p) = 
1, we get 


a?! = qa?) = | (mod p) 


and so we have the following corollary. 
Corollary Fermat. If p is a prime and p / a, thena?~! = 1 (mod p). 


Example 7.2. Euler’s theorem is helpful in reducing large powers modulo n. To cite a 
typical example, let us find the last two digits in the decimal representation of 37°. This 
is equivalent to obtaining the smallest nonnegative integer to which 37°° is congruent 
modulo 100. Because gcd(3 , 100) = 1 and 


(100) = (2? - 57) = 100 (1 = >) (1 = =) = 40 


Euler’s theorem yields 
3*° = 1 (mod 100) 
By the Division Algorithm, 256 = 6 - 40 + 16; whence 
3256 — 3640416 — (340)6316 — 316 (od 100) 


and our problem reduces to one of evaluating 316 modulo 100. The method of succes- 
sive squaring yields the congruences 


3*=9 (mod 100) 38 = 61 (mod 100) 
34 =81 (mod 100) 316 = 21 (mod 100) 
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There is another path to Euler’s theorem, one which requires the use of Fermat’s 


theorem. 
Second Proof of Euler’s Theorem. To start, we argue by induction that if p / a(pa 


prime), then 
a?) =1 (mod p*) k>0 (1) 


When k = 1, this assertion reduces to the statement of Fermat’s theorem. Assuming 
the truth of Eq. (1) for a fixed value of k, we wish to show that it is true with k replaced 
by k +1. 

Because Eq. (1) is assumed to hold, we may write 


gq?) = 14 gp* 
for some integer g. Also notice that 
o(ph*") = pi! — pt = p(p* — p®') = pd(p") 
Using these facts, along with the binomial theorem, we obtain 
gt") — gpdo(P*) 
= (a?(P)P 


= (1+ 4p")? 

=1+ (1) ap + (5 )apht +- 
= (, fi 4 (qp*)?* + (qp*)? 

=1+ ( 2 (qp*) (mod p**") 


But p|(7), and so p**! | (7 )(qp*). Thus, the last-written congruence becomes 


ger) =] (mod p**?) 


completing the induction step. 
Let gcd(a ,n) = 1 and n have the prime-power factorization n = pr py -+ + phe, 
In view of what already has been proven, each of the congruences 


a") =1 (mod p) i =1,2,...,7 (2) 
holds. Noting that #(7) is divisible by 6( D. ), we may raise both sides of Eq. (2) to the 
power o(n)/( p) and arrive at 

a®™ =1(mod p;') i=1,2,...,7r 
Inasmuch as the moduli are relatively prime, this leads us to the relation 
a?) = 1 (mod pi! p?--: p*) 
or a? = 1 (mod n). 


The usefulness of Euler’s theorem in number theory would be hard to exaggerate. 
It leads, for instance, to a different proof of the Chinese Remainder Theorem. In other 
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words, we seek to establish that if gcd(n; ,n;) = 1 fori # j, then the system of linear 
congruences 
x = a; (mod n;) je Pes ee 
admits a simultaneous solution. Let n = njn2---n,, and put N; =n/n; for n = 
1,2,...,7r. Then the integer 
x= ane? ae ane” ie a, NP) 
fulfills our requirements. To see this, first note that VN; = 0 (modn;) wheneveri # /; 
whence, 
x =a,N?” (mod nj) 
But because gcd(JN; , n;) = 1, we have 
Ne = 1 (mod n;) 


and so x = a; (mod n;) for each 7. 

As asecond application of Euler’s theorem, let us show that ifn is an odd integer 
that is not a multiple of 5, then n divides an integer all of whose digits are equal to 
1 (for example, 7| 111111). Because gcd(n, 10) = 1 and gcd(9, 10) = 1, we have 
gcd(9n , 10) = 1. Quoting Theorem 7.5, again, 


109°” = 1 (mod 9n) 


This says that 10°°”) — 1 = 9nk for some integer k or, what amounts to the same 
thing, 


10%”) — 
ee 
é 9 


The right-hand side of this expression is an integer whose digits are all equal to 1, 
each digit of the numerator being clearly equal to 9. 


PROBLEMS 7.3 


1. Use Euler’s theorem to establish the following: 
(a) For any integer a, a*’ = a (mod 1729). 
[Hint: 1729 =7-13-19.] 
(b) For any integer a, a? = a (mod 2730). 
[Hint: 2730 = 2-3-5-7- 13.] 
(c) For any odd integer a, a>? = a (mod 4080). 
[Hint: 4080 = 15-16-17.] 
2. Use Euler’s theorem to confirm that, for any integer n > 0, 


51 | 1022"+9 9 


3. Prove that 2! — 23 divides a!? — a? for any integer a. 
(Hint: 2 —2? =5-7-8-9-13.] 
4. Show that if gcd(a ,n) = gcd(a — 1,n) = 1, then 


ltata?4+---+a?”-! =0 (modn) 
(Hint: Recall that a® — 1 = (a—1)(a?™-!4.---+a?+a4+1).] 
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5. If m and n are relatively prime positive integers, prove that 
me 4. 2?" = 1 (mod mn) 


6. Fill in any missing details in the following proof of Euler’s theorem: Let p be a prime 
divisor of n and gcd(a, p) = 1. By Fermat’s theorem, a?~! = 1 (mod p), so that a?~! = 
1+ zp for some t. Therefore a??~" = (1+tp)? =14+(4)tp)+---+ (py = 1 
(mod p?) and, by induction, a” ?- = 1 (mod p*), where k = 1,2,.... Raise both 
sides of this congruence to the ¢(n)/ p*—!(p — 1) power to get a? = 1 (mod p*). Thus, 
a?” = 1 (mod n). 

7. Find the units digit of 3!°° by means of Euler’s theorem. 

8. (a) If gcd(a ,n) = 1, show that the linear congruence ax = b (mod n) has the solution 

x = ba?” (mod n). 
(b) Use part (a) to solve the linear congruences 3x = 5 (mod 26), 13x = 2 (mod 40), 
and 10x = 21 (mod 49). 
9. Use Euler’s theorem to evaluate 210° (mod 77). 
10. For any integer a, show that a and a*"t! have the same last digit. 
11. For any prime p, establish each of the assertions below: 
(a) t(p!) = 2t((p — 1)!). 
(b) o(p!) = (p+ Yo(p— WN). 
(c) O(p!) = (p — Dd((p — 1)!). 
12. Givenn > 1, aset of O(n) integers that are relatively prime to n and that are incongruent 
modulo n is called a reduced set of residues modulo n (that is, a reduced set of residues 
are those members of a complete set of residues modulo n that are relatively prime to 7). 
Verify the following: 
(a) The integers —31, —16, —8, 13, 25, 80 form a reduced set of residues modulo 9. 
(b) The integers 3, 37, 3°, 34, 3°, 3° form a reduced set of residues modulo 14. 


(c) The integers 2, 27, 2°, ..., 2!8 form a reduced set of residues modulo 27. 
13. If p is an odd prime, show that the integers 
—] —] 
i Se rs a ene ae 
z 2 


form a reduced set of residues modulo p. 


7.4 SOME PROPERTIES OF THE PHI-FUNCTION 


The next theorem points out a curious feature of the phi-function; namely, that the 
sum of the values of ¢(d), as d ranges over the positive divisors of n, is equal to n 
itself. This was first noticed by Gauss. 


Theorem 7.6 Gauss. For each positive integer n > 1, 
n=) od) 
d|n 


the sum being extended over all positive divisors of n. 


Proof. The integers between 1 and n can be separated into classes as follows: If d is a 
positive divisor of 1, we put the integer m in the class Sg provided that gcd(m ,n) = d. 
Stated in symbols, 


Sa = {m|gcd(m,n) =d;1<m <n} 
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Now gcd(m , n) = d if and only if gcd(m/d ,n/d) = 1. Thus, the number of integers 
in the class Sg is equal to the number of positive integers not exceeding n/d that are 
relatively prime to 1 /d; in other words, equal to ¢(n/d). Because each of the n integers 
in the set {1, 2,...,} lies in exactly one class Sg, we obtain the formula 


n 
n= >> (5) 
d|n 
But as d runs through all positive divisors of n, so does n/d; hence, 


>4(5) =Yo@ 


d\n 


which proves the theorem. 


Example 7.3. A simple numerical example of what we have just said is provided by 
n = 10. Here, the classes Sy are 


S; = {1,3, 7, 9} 
Sy = {2, 4, 6, 8} 
Ss = {5} 
Sio = {10} 


These contain $(10) = 4, 6(5) = 4, 6(2) = 1, and ¢(1) = 1 integers, respectively. 
Therefore, 


Y | o(d) = 6(10) + 65) + (2) + 61) 


d|10 
=444+4+14+1=10 


It is instructive to give a second proof of Theorem 7.6, this one depending on 
the fact that @ is multiplicative. The details are as follows. If n = 1, then clearly 


> ¢@) = > ¢@)=¢0)=1=n 


d|n d|1 


Assuming that n > 1, let us consider the number-theoretic function 


F(n)=)_ 6d) 


d|n 


Because @ is known to be a multiplicative function, Theorem 6.4 asserts that F is 
also multiplicative. Hence, ifn = pi py ... p* is the prime factorization of n, then 


F(n) = F(pi')F(p3)--- F(p™) 
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For each value of i, 
F(p;')= )~ 6d) 
d| p;' 
= o(1) + b(pi) + 6(p?) + O(p3) + + + O(p%") 
= 1+ (pi — 1+ (7 — pi) + (RP - BI + + (PE DE) 
= p;' 


because the terms in the foregoing expression cancel each other, save for the term 
py. Knowing this, we end up with 


F(n) = pj! py Py = 
and so 
n=) $(d) 
d|n 
as desired. 


We should mention in passing that there is another interesting identity that in- 
volves the phi-function. 


Theorem 7.7. For 1 > 1, the sum of the positive integers less than n and relatively 
prime to n is n@p(n). 


Proof. Let aj, az, ..., Agny be the positive integers less than n and relatively prime to 
n. Now because gcd(a ,n) = 1 if and only if gcd(n — a, n) = 1, the numbers n — ay, 
nN — a2,...,N — Agny are equal in some order to a1, a2, ..., Aginy. Thus, 


a, +a2+::-+agn) = (2 — a1) + (n — a2) +--+: + (2 — aga) 
= o(n)n = (ay + a2 freee Ag(n)) 
Hence, 
2(a, +42 +-+-+agm)) = O(n)n 
leading to the stated conclusion. 
Example 7.4. Consider the case where n = 30. The (30) = 8 integers that are less 
than 30 and relatively prime to it are 
1, 7,.11,.13;, 17; 19,23; 29 


In this setting, we find that the desired sum is 
1 
bee dd eS TED 23 4 29 = 120: = 5 - 30-8 


Also note the pairings 


1+ 29 = 30 7+ 23 = 30 11+ 19 = 30 13+ 17 = 30 
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This is a good point at which to give an application of the MOébius inversion 
formula. 


Theorem 7.8. For any positive integer n, 


w(d) 
p(n) =n ) — 
d|n d 


Proof. The proof is deceptively simple. If we apply the inversion formula to 


F(n) =n =) 9d) 


d|n 


the result is 


on) = > uaF (5) 


d|n 


= u@= 


d|n 


Let us again illustrate the situation where n = 10. As easily can be seen, 


wd) 10 | sae (5) | 
10 ye eel ae ear 
Sere (1) tee ic 


- (1) (-1) (IY 
= 10/14 4594. 


—10)1 : aes oe 4 = $(10) 
~ 2 5 10 5 


Starting with Theorem 7.8, it is an easy matter to determine the value of the phi- 
function for any positive integer n. Suppose that the prime-power decomposition of 
nisn = py py .. + p*, and consider the product 


p=] ( Hpi) 4 GD) 
Cae ee 2 


pi|n Pi i 


Multiplying this out, we obtain a sum of terms of the form 


w(1)e(pt' (ps) «= (pe) 


eer 7 O<a; <k; 
P Po ee % Pr 
or, because yz is known to be multiplicative, 


(py! Py +++ per) — wd) 
a, _.a2 a, we: 
P, Po ele Pr d 
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where the summation is over the set of divisors d = p{'p;’--- p® of n. Hence, 
a ae in L-(d)/d. It follows from Theorem 7.8 that 


d ; 
b(n) =n maT] (1 (4 ME 44 HED) 


d|n Dp, |n i 


But ,(p;') = 0 whenever a; > 2. As a result, the last-written equation reduces to 


oon) =n T] (x ay+ 2?) aT] (1-—) 


pi|n Pi p, |n 


which agrees with the formula established earlier by different reasoning. What is 
significant about this argument is that no assumption is made concerning the multi- 
plicative character of the phi-function, only of jw. 


PROBLEMS 7.4 


1. For a positive integer 1, prove that 


Y-D"4¢@) = 


d\n 


0 if n is even 
if n is odd 


(Hint: If n = 2" N, where N is odd, then 


Y-y"“e@= YS. o@- >> o2*d).] 
d|n d|2k-1N d|N 
2. Confirm that }°4)36 @(d) = 36 and ¥74) 36(—1)°°/“@(d) = 0 
3. For a positive integer n, prove that )°,,,, u7(d)/@(d) = n/b(n). 
[Hint: Both sides of the equation are multiplicative functions. ] 
4. Use Problem 4(c), Section 6.2, to prove n ) >, in H(d)/d = O(n). 


5. If the integer m > 1 has the prime factorization n = oe ae ..» p*r, establish each of the 

following: 
(a) )° wd)p(d) = (2 — pi)(2 — pr)-+-(2 = pr). 

d|n 

po ae | eae she po ao | 

(b) ) | do(d) = | ——— ] | | --- | ——-—_ ].. 

d|n P1 Se P2 +1 Pr + 1 

d k —] k —] k,(pr — 1 

© ) =(1+ (P11 ’) (1+ 2(p2 =») (i (p ’) 

d|n P1 P2 Pr 


[Hint: For part (a), use Problem 3, Section 6.2.] 
6. Verify the formula )",_, 6(d)[n/d] = n(n + 1)/2 for any positive integer n. 
[Hint: This is a direct application of Theorems 6.11 and 7.6.] 
7. If n is a square-free integer, prove that )°,,,, 0 (d‘~')@(d) = n* for all integers k > 2. 
. For a square-free integer n > 1, show that t(n”) = n if and only if n = 3. 
9. Prove that 3 | o(3n + 2) and 4|0(4n + 3) for any positive integer n. 


o 2) 
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10. (a) Given k > 0, establish that there exists a sequence of k consecutive integers n + 1, 
n+2,...,n+k satisfying 


wat l=pwnt+2)=---=uUn+k)=0 
[Hint: Consider the following system of linear congruences, where p, is the kth 
prime: 
x = —1 (mod 4), x = —2 (mod 9),...,x = —k (mod pz). 


(b) Find four consecutive integers for which p(n) = 0. 
11. Modify the proof of Gauss’ theorem to establish that 


2, Beate n= da (=) 


= —— forn > 1 
d|n 
12. Forn > 2, establish the inequality @(n7) + @((n + 1)*) < 2n?. 
13. Given an integer n, prove that there exists at least one k for which n | #(k). 
14. Show that if 1 is a product of twin primes, say n = p(p + 2), then 


p(njo(n) = (n + 1)(n — 3) 


15. Prove that )/4), o(d)b(n/d) = nt(n) and 974), Td)O(n/d) = a(n). 
16. If a1, a2, ..., Agny 18 a reduced set of residues modulo n, show that 


a, +a2+-++++agn) = O(mod n) forn > 2 


CHAPTER 


S 


PRIMITIVE ROOTS AND INDICES 


... mathematical proofs, like diamonds, are hard as well as clear, and will be 
touched with nothing but strict reasoning. 
JOHN LOCKE 


8.1 THE ORDER OF AN INTEGER MODULO n 


In view of Euler’s theorem, we know that a?” = 1 (mod n), whenever gcd(a ,n) = 
1. However, there are often powers of a smaller than a?” that are congruent to 1 
modulo n. This prompts the following definition. 


Definition 8.1. Let n > 1 and gcd(a,n) = 1. The order of a modulo n (in older 
terminology: the exponent to which a belongs modulo n) is the smallest positive integer 
k such that a* = 1 (mod n). 


Consider the successive powers of 2 modulo 7. For this modulus, we obtain the 
congruences 


S90 DS 1 SS 1, 


from which it follows that the integer 2 has order 3 modulo 7. 

Observe that if two integers are congruent modulo n, then they have the same 
order modulo n. For if a = b (mod n) and a* = 1 (mod n), Theorem 4.2 implies that 
a‘ = b‘ (mod n), whence b*‘ = 1 (mod n). 

It should be emphasized that our definition of order modulo n concerns only 
integers a for which gcd(a,n) = 1. Indeed, if gcd(a,n) > 1, then we know from 
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Theorem 4.7 that the linear congruence ax = 1 (mod 7) has no solution; hence, the 
relation 


a“ = 1 (modn) k>1 


cannot hold, for this would imply that x = a*~! is a solution of ax = 1 (mod n). 


Thus, whenever there is reference to the order of a modulo n, it is to be assumed 
that gcd(a , n) = 1, even if it is not explicitly stated. 

In the example given previously, we have 2 = 1 (mod 7) whenever k is a 
multiple of 3, where 3 is the order of 2 modulo 7. Our first theorem shows that this 
is typical of the general situation. 


Theorem 8.1. Let the integer a have order k modulo n. Then a” = 1 (mod n) if and 
only if k | h; in particular, k | d(n). 


Proof. Suppose that we begin with k | h, so that h = jk for some integer 7. Because 

a* = 1 (mod n), Theorem 4.2 yields (a*)/ = 1/ (mod n) or a” = 1 (mod n). 
Conversely, let h be any positive integer satisfying a” = 1 (mod n). By the Division 

Algorithm, there exist g andr such that h = gk +r, where 0 < r < k. Consequently, 


q = qiktr = (a*)4a" 


By hypothesis, both a” = 1 (mod n) and a* = 1 (mod n), the implication of which is 
that a” = 1 (mod n). Because 0 < r < k, we end up with r = 0; otherwise, the choice 
of k as the smallest positive integer such that a* = 1 (mod n) is contradicted. Hence, 
h = qk, and k|h. 


Theorem 8.1 expedites the computation when we attempt to find the order of 
an integer a modulo n; instead of considering all powers of a, the exponents can be 
restricted to the divisors of @(n). Let us obtain, by way of illustration, the order of 
2 modulo 13. Because (13) = 12, the order of 2 must be one of the integers 1, 2, 
3,4, 6, 12. From 


J2=2 Pa4 Beg Wed M212 #22) =1 (mod 13) 


it is seen that 2 has order 12 modulo 13. 

For an arbitrarily selected divisor d of d(n), it is not always true that there exists 
an integer a having order d modulo n. An example is n = 12. Here (12) = 4, yet 
there is no integer that is of order 4 modulo 12; indeed, we find that 


Y=5*=7 =11* =1 (mod 12) 


and therefore the only choice for orders is 1 or 2. 
Here is another basic fact regarding the order of an integer. 


Theorem 8.2. If the integer a has order k modulo n, then a' = a/ (mod n) if and only 
if i = j (mod k). 


Proof. First, suppose that a' = a/ (mod n), where i > j. Because a is relatively 
prime to n, we may cancel a power of a to obtain a’-/ = 1 (mod n). According to 
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Theorem 8.1, this last congruence holds only if k |i — j, which is just another way of 
saying that i = j (mod k). 
Conversely, let i = j (mod k). Then we have i = j + gk for some integer qg. By 
the definition of k, a* = 1 (mod n), so that 
a’ =altt = aia’)! =a/ (modn) 
which is the desired conclusion. 


k 


Corollary. If a has order k modulo n, then the integers a, a”, ..., aX are incongruent 


modulo n. 


Proof. If a' =a/ (mod n) for 1 <i < j <k, then the theorem ensures that i = 
j (mod k). But this is impossible unless i = /. 


A fairly natural question presents itself: Is it possible to express the order of any 
integral power of a in terms of the order of a? The answer is contained in Theorem 8.3. 


Theorem 8.3. If the integer a has order k modulo n and h > O, then a" has order 
k/gcd(h , k) modulo n. 


Proof. Let d= gcd(h,k). Then we may write h=h,d and k=kj,d, with 
gcd (h, ,k,) = 1. Clearly, 
(ay! = @l*)/4 = a)" = 1 (mod n) 


If a” is assumed to have order r modulo n, then Theorem 8.1 asserts that r | k,. On the 
other hand, because a has order k modulo n, the congruence 


a” = (a")’ = 1 (modn) 


indicates that k | hr; in other words, kid | h,dr or k, | hyr. But gced(k; , h;) = 1, and 
therefore k; | r. This divisibility relation, when combined with the one obtained earlier, 
gives 
k k k 
r= el 
' d gced(h,k) 
proving the theorem. 

The preceding theorem has a corollary for which the reader may supply a proof. 


Corollary. Let a have order k modulo n. Then a” also has order k if and only if 
gcd(h ,k) = 1. 


Let us see how all this works in a specific instance. 


Example 8.1. The following table exhibits the orders modulo 13 of the positive 
integers less than 13: 
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We observe that the order of 2 modulo 13 is 12, whereas the orders of 2? and 2° 
are 6 and 4, respectively; it is easy to verify that 


12 12 
6 = ————_— and AS i 
gcd(2, 12) gcd(3, 12) 


in accordance with Theorem 8.3. The integers that also have order 12 modulo 13 are 
powers 2* for which gcd(k , 12) = 1; namely, 


2=2 P=6 2WMe=11 2!! = 7 (mod 13) 


If an integer a has the largest order possible, then we call it a primitive root 
of n. 


Definition 8.2. If gcd(a ,n) = 1 anda is of order ¢(n) modulo n, then a is a primitive 
root of the integer n. 


To put it another way, n has a as a primitive root if a? = 1 (mod n), but 
a* £ 1 (mod n) for all positive integers k < $(n). 
It is easy to see that 3 is a primitive root of 7, for 


3=3 3%? =2 PH=zE6 38=4 0) P=Z5 3° =1 (mod 7) 


More generally, we can prove that primitive roots exist for any prime modulus, which 
is aresult of fundamental importance. Although it is possible for a primitive root of 
n to exist when 7 is not a prime (for instance, 2 is a primitive root of 9), there is no 
reason to expect that every integer n possesses a primitive root; indeed, the existence 
of primitive roots is more often the exception than the rule. 


Example 8.2. Let us show that if F, = 2” + 1,n > 1, is a prime, then 2 is not a 
primitive root of F,,. (Clearly, 2 is a primitive root of 5 = F,.) From the factorization 
27°" — 1 = 2" + 1) 2?" — 1), we have 


gn+l 


2?" = 1 (mod F,) 


which implies that the order of 2 modulo F,, does not exceed 2”*!. But if F,, is assumed 
to be prime, then 


(Fn) = Fy -1=2”" 


and a straightforward induction argument confirms that 2" > 2”+!, whenever n > 1. 
Thus, the order of 2 modulo F, is smaller than ¢(F,,); referring to Definition 8.2, we 
see that 2 cannot be a primitive root of F,,. 


One of the chief virtues of primitive roots lies in our next theorem. 


Theorem 8.4. Let gcd(a , n) = 1 and let a1, a2, ..., dg) be the positive integers less 
than n and relatively prime to n. If a is a primitive root of n, then 
a,a*,...,a?™ 


are congruent modulo 7 to ay, a2, ..., Ag(n), I Some order. 
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Proof. Because a is relatively prime to n, the same holds for all the powers of a; hence, 
each a* is congruent modulo n to some one of the a;. The ¢(n) numbers in the set 
{a,a’,...,a?™} are incongruent by the corollary to Theorem 8.2; thus, these powers 
must represent (not necessarily in order of appearance) the integers a1, a2, ..., Agcn)- 


One consequence of what has just been proved is that, in those cases in which 
a primitive root exists, we can now State exactly how many there are. 


Corollary. If n has a primitive root, then it has exactly ¢(¢(n)) of them. 


Proof. Suppose that a is a primitive root of n. By the theorem, any other primitive 
root of n is found among the members of the set {a,a”,..., a®%}. But the number 
of powers a‘,1<k < @(n), that have order #(n) is equal to the number of integers k 
for which gcd(k , d(n)) = 1; there are #(¢(n)) such integers, hence, @(¢(n)) primitive 
roots of n. 


Theorem 8.4 can be illustrated by taking a = 2 andn = 9. Because @(9) = 6, 
the first six powers of 2 must be congruent modulo 9, in some order, to the positive 
integers less than 9 and relatively prime to it. Now the integers less than and relatively 
prime to 9 are 1, 2, 4, 5, 7, 8, and we see that 


Deo: Feat Vas 27 2=5 2° =1 (mod 9) 


By virtue of the corollary, there are exactly 6(¢(9)) = (6) = 2 primitive roots 
of 9, these being the integers 2 and 5. 


PROBLEMS 8.1 


1. Find the order of the integers 2, 3, and 5: 
(a) modulo 17. 
(b) modulo 19. 
(c) modulo 23. 
2. Establish each of the statements below: 
(a) If a has order hk modulo n, then a” has order k modulo n. 
(b) If a has order 2k modulo the odd prime p, then a* = —1 (mod p). 
(c) If a has order n — 1 modulo n, then n is a prime. 
3. Prove that #(2” — 1) is a multiple of n for any n > 1. 
[Hint: The integer 2 has order n modulo 2” — 1.] 
4. Assume that the order of a modulo n is h and the order of b modulo n is k. Show that the 
order of ab modulo n divides hk; in particular, if gcd(h , k) = 1, then ab has order hk. 
5. Given that a has order 3 modulo p, where p is an odd prime, show that a + 1 must have 
order 6 modulo p. 
[Hint: From a7 +a+1=0 (mod p), it follows that (a+ 1)* =a (mod p) and 
(a+ 1) =—1 (mod p).] 
6. Verify the following assertions: 
(a) The odd prime divisors of the integer n* + 1 are of the form 4k + 1. 
[Hint: n* = —1 (mod p), where p is an odd prime, implies that 4|@(p) by 
Theorem 8.1.] 
(b) The odd prime divisors of the integer n* + 1 are of the form 8k + 1. 
(c) The odd prime divisors of the integer n? +n + 1 that are different from 3 are of the 
form 6k + 1. 
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14. 
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Establish that there are infinitely many primes of each of the forms 4k + 1, 6k + 1, and 
8k + 1. 

[Hint: Assume that there are only finitely many primes of the form 4k + 1; call them 
Pi» P2,+-+, Pr. Consider the integer (2p; p2--- p,)* + 1 and apply the previous prob- 
lem. | 


. (a) Prove that if p and g are odd primes and q | a? — 1, then either g |a — 1 or else 


q = 2kp + 1 for some integer k. 
[Hint: Because a? = 1 (mod q), the order of a modulo q is either 1 or p; in the latter 
case, p | (q).] 

(b) Use part (a) to show that if p is an odd prime, then the prime divisors of 2? — 1 are 
of the form 2kp + 1. 

(c) Find the smallest prime divisors of the integers 2'7 — 1 and 2”? — 1. 


. Prove that there are infinitely many primes of the form 2kp + 1, where p is an odd prime. 


[Hint: Assume that there are finitely many primes of the form 2kp + 1, call them 
Gi, 42,--++,@,r, and consider the integer (2q1q2---q,)? — 1.] 


. (a) Verify that 2 is a primitive root of 19, but not of 17. 


(b) Show that 15 has no primitive root by calculating the orders of 2, 4, 7, 8, 11, 13, and 
14 modulo 15. 


. Let r be a primitive root of the integer n. Prove that r* is a primitive root of n if and only 


if gcd(k , d(n)) = 1. 


. (a) Find two primitive roots of 10. 


(b) Use the information that 3 is a primitive root of 17 to obtain the eight primitive roots 
of 17. 


. (a) Prove that if p and gq > 3 are both odd primes and q | R,, theng = 2kp + 1 for some 


integer k. 
(b) Find the smallest prime divisors of the repunits Rs = 11111 and R7 = 1111111. 
(a) Let p > 5 be prime. If R, is the smallest repunit for which p|R,, establish that 
n|p— 1. For example, Rg is the smallest repunit divisible by 73, and 8 | 72. 
[Hint: The order of 10 modulo p is n.] 
(b) Find the smallest R,, divisible by 13. 


PRIMITIVE ROOTS FOR PRIMES 


Because primitive roots play a crucial role in many theoretical investigations, a prob- 
lem exerting a natural appeal is that of describing all integers that possess primitive 
roots. We shall, over the course of the next few pages, prove the existence of primitive 
roots for all primes. Before doing this, let us turn aside briefly to establish Lagrange’s 
theorem, which deals with the number of solutions of a polynomial congruence. 


Theorem 8.5 Lagrange. If p is a prime and 
F(X) = nx" tan x} +--+ +a,x+ay a, #0 (mod p) 
is a polynomial of degree n > 1 with integral coefficients, then the congruence 
f(x) = 0 (mod p) 
has at most n incongruent solutions modulo p. 


Proof. We proceed by induction on, the degree of f(x). Ifn = 1, then our polynomial 
is of the form 


f(x) = aix + ao 
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Because gcd(a;, p)=1, Theorem 4.7 asserts that the congruence a,x = —do 
(mod p) has a unique solution modulo p. Thus, the theorem holds forn = 1. 

Now assume inductively that the theorem is true for polynomials of degree k — 1, 
and consider the case in which f(x) has degree k. Either the congruence f(x) = 0 
(mod p) has no solutions (and we are finished), or it has at least one solution, call it a. 
If f(x) is divided by x — a, the result is 


f(x) = —aqax) +r 


in which q(x) is a polynomial of degree k — 1 with integral coefficients and 7 is an 
integer. Substituting x = a, we obtain 


0= f(a) = (a —a)q(a) +r =r (mod p) 


and therefore f(x) = (x — a)q(x) (mod p). 
If b is another one of the incongruent solutions of f(x) = 0 (mod p), then 


0= f(b) = (6 — a)q(b) (mod p) 


Because b — a 0 (mod p), we may cancel to conclude that g(b) = 0 (mod p); in 
other words, any solution of f(x) = 0 (mod p) that is different from a must satisfy 
q(x) = 0 (mod p). By our induction assumption, the latter congruence can possess at 
most k — 1 incongruent solutions, and therefore f(x) = 0 (mod p) has no more than 
k incongruent solutions. This completes the induction step and the proof. 


From this theorem, we can pass easily to the corollary. 


Corollary. If p is a prime number and d | p — 1, then the congruence 
x4 —1=0(mod p) 


has exactly d solutions. 


Proof. Because d | p — 1, we have p — 1 = dk for some k. Then 
xP! _ 1 = (x4 —1)f(x) 


where the polynomial f(x) = x@4-) 4 744-2 4...4 4441 has integral 
coefficients and is of degree d(k — 1) = p—1-—d. By Lagrange’s theorem, the 
congruence f(x) =O (mod p) has at most p—1-—d solutions. We also know 
from Fermat’s theorem that x?~! — 1 = 0 (mod p) has precisely p — 1 incongruent 
solutions; namely, the integers 1, 2,..., p — 1. 

Now any solution x = a (mod p) of x?~! — 1 = 0 (mod p) that is not a solution 
of f(x) = 0 (mod p) must satisfy x — 1 = 0 (mod p). For 


0=a?-!—1 =(a* — 1) f(a) (mod p) 


with p J f(a), implies that p | a% — 1. It follows that x? — 1 = 0 (mod p) must have 
at least 


p—-1-(p-1-d)=d 


solutions. This last congruence can possess no more than d solutions (Lagrange’s 
theorem enters again) and, hence, has exactly d solutions. 
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We take immediate advantage of this corollary to prove Wilson’s theorem in a 
different way: Given a prime p, define the polynomial f(x) by 
f(x) =(@-—D@—-2)---@-(p-1I)-@Pet- 1) 

— dja5t?? + azn? +---+a,;x +d 
which is of degree p — 2. Fermat’s theorem implies that the p — 1 integers 
1,2,..., p — 1 are incongruent solutions of the congruence 

f(x) = 0 (mod p) 

But this contradicts Lagrange’s theorem, unless 

QApn-2 = 4p-3 = EH AY = dp = 0 (mod p) 
It follows that, for any choice of the integer x, 

(x — 1)(@ — 2)---(« —(p — 1) — (x? * — 1) = 0 (mod p) 

Now substitute x = 0 to obtain 

(—1)(—-2)---(-(p — 1) + 1 = 0 (mod p) 
or (—1)?~!(p — 1)! + 1 = 0 (mod p). Either p — 1 is even or p = 2, in which case 
—l=1 (mod p); at any rate, we get 

(p — 1)! = —-1 (mod p) 


Lagrange’s theorem has provided us with the entering wedge. We are now ina 
position to prove that, for any prime p, there exist integers with order corresponding 
to each divisor of p — 1. We state this more precisely in Theorem 8.6. 


Theorem 8.6. If p is a prime number and d|p — 1, then there are exactly ¢(d) 
incongruent integers having order d modulo p. 


Proof. Let d| p — 1 and w(d) denote the number of integers k, 1 < k < p —1, that 
have order d modulo p. Because each integer between 1 and p — 1 has order d for 
some d | p — 1, 


p-1= )) ¥@) 


d|p-1 
At the same time, Gauss’ theorem tells us that 
p-1= >> ¢@) 
d|p-1 
and therefore, putting these together, 
Yo v@= >° 6@) (1) 
d| p-1 d|p-1 


Our aim is to show that w(d) < $(d) for each divisor d of p — 1, because this, in 
conjunction with Eq. (1), would produce the equality w(d) = ¢(d) ¥ 0 (otherwise, 
the first sum would be strictly smaller than the second). 

Given an arbitrary divisor d of p — 1, there are two possibilities: We either 
have w(d) = 0 or w(d) > O. If w(d) = 0, then certainly w(d) < ¢(d). Suppose that 
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w(d) > 0, so that there exists an integer a of order d. Then the d integers a, a*,..., a4 
are incongruent modulo p and each of them satisfies the polynomial congruence 
x4 —1=0(mod p) (2) 


for, (a*)? = (a?) = 1 (mod p). By the corollary to Lagrange’s theorem, there can be 
no other solutions of Eq. (2). It follows that any integer having order d modulo p must 
be congruent to one of a, a”, ..., a7. But only #(d) of the just-mentioned powers have 
order d, namely those a‘ for which the exponent k has the property gcd(k , d) = 1. 
Hence, in the present situation, yr(d) = ¢(d), and the number of integers having order 
d modulo p is equal to ¢(d). This establishes the result we set out to prove. 


Taking d = p — | in Theorem 8.6, we arrive at the following corollary. 


Corollary. If p is a prime, then there are exactly @(p — 1) incongruent primitive roots 
of p. 


An illustration is afforded by the prime p = 13. For this modulus, 1 has order 
1; 12 has order 2; 3 and 9 have order 3; 5 and 8 have order 4; 4 and 10 have order 6; 
and four integers, namely 2, 6, 7, 11, have order 12. Thus, 


YS ¥@) = v1) + W2) + WB) + V4) + V6) + W12) 
d|12 
=14142424+244=12 


as it should. Also notice that 
wd) =1=¢() w4) =2=¢4) 
y(2)=1=¢() y(6) =2= (6) 
W(3) =2= 6G) w(12) =4= (12) 
Incidentally, there is a shorter and more elegant way of proving that w(d) = 


o(d) for each d | p — 1. We simply subject the formula d = ae 1 ¥(c) to Mobius 
inversion to deduce that 


wid)=)> > ule) 
c|d . 
In light of Theorem 7.8, the right-hand side of the foregoing equation is equal to @(d). 
Of course, the validity of this argument rests upon using the corollary to Theorem 
8.5 to show that d = aa wc). 

We can use this last theorem to give another proof of the fact that if p is a 
prime of the form 4k + 1, then the quadratic congruence x” = —1 (mod p) admits 
a solution. Because 4| p — 1, Theorem 8.6 tells us that there is an integer a having 
order 4 modulo p; in other words, 


a* = 1 (mod p) 
or equivalently, 


(a” — 1)(a* + 1) = 0 (mod p) 
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Because p is a prime, it follows that either 
a” — 1 =0(mod p) or a’ + 1 =0 (mod p) 


If the first congruence held, then a would have order less than or equal to 2, a 
contradiction. Hence, a* + 1 = 0 (mod p), making the integer a a solution to the 
congruence x” = —1 (mod p). 

Theorem 8.6, as proved, has an obvious drawback; although it does indeed imply 
the existence of primitive roots for a given prime p, the proof is nonconstructive. 
To find a primitive root, we usually must either proceed by brute force or fall back 
on the extensive tables that have been constructed. The accompanying table lists the 
smallest positive primitive root for each prime below 200. 


Least positive Least positive 


Prime primitive root Prime primitive root 
2 1 89 3 
3 2 97 5 
5 2 101 2 
7 3 103 5 

11 2 107 2 
13 2 109 6 
17 3 113 3 
19 2, 127 3 

23 5 131 2 

29 2 137 3 

31 3 139 2 

31 2 149 2 

4] 6 151 6 

43 3 157 5 

A7 5 163 2 

53 2 167 5 

59 2 173 2 

61 2 179 2 

67 2 181 p) 

71 7 19] 19 

73 5 193 = 

79 3 197 Z 

83 2 199 3 


If x(p) designates the smallest positive primitive root of the prime p, then 
the table presented shows that x(p) < 19 for all p < 200. In fact, x(p) becomes 
arbitrarily large as p increases without bound. The table suggests, although the 
answer is not yet known, that there exist an infinite number of primes p for which 
X(p) = 2. 

In most cases x(p) is quite small. Among the first 19862 odd primes up to 
223051, x(p) < 6 holds for about 80% of these primes; x(p) = 2 takes place for 
7429 primes or approximately 37% of the time, whereas x (p) = 3 happens for 4515 
primes, or 23% of the time. 
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In his Disquisitiones Arithmeticae, Gauss conjectured that there are infinitely 
many primes having 10 as a primitive root. In 1927, Emil Artin generalized this 
unresolved question as follows: For a not equal to 1, —1, or a perfect square, do 
there exist infinitely many primes having a as a primitive root? Although there is 
little doubt that this latter conjecture is true, it has yet to be proved. Recent work has 
shown that there are infinitely many a’s for which Artin’s conjecture is true, and at 
most two primes for which it fails. 

The restrictions in Artin’s conjecture are justified as follows. Let a be a perfect 
square, say a = x’, and let p be an odd prime with gcd(a, p) = 1. If p / x, then 
Fermat’s theorem yields x?~'! = 1 (mod p), whence 


qgP—V/? = (x2)\P-YD/2 = 1 (mod p) 


Thus, a cannot serve as a primitive root of p [if p|x, then p|a and surely a?! # 
1 (mod p)]. Furthermore, because (—1)? = 1, —1 is not a primitive root of p when- 
ever p— 1 > 2. 


Example 8.3. Let us employ the various techniques of this section to find the g(6) = 2 
integers having order 6 modulo 31. To start, we know that there are 


P(O(31)) = 630) = 8 


primitive roots of 31. Obtaining one of them is a matter of trial and error. Because 2° = 
1 (mod 31), the integer 2 is clearly ruled out. We need not search too far, because 3 
turns out to be a primitive root of 31. Observe that in computing the integral powers of 
3 it is not necessary to go beyond 3!°; for the order of 3 must divide (31) = 30 and 
the calculation 


3° = (277 = (—4) = (—64)(16) = —2(16) = —1 ¥ 1 (mod 31) 


shows that its order is greater than 15. 

Because 3 is a primitive root of 31, any integer that is relatively prime to 31 is 
congruent modulo 31 to an integer of the form 3* where 1 < k < 30. Theorem 8.3 
asserts that the order of 3* is 30/gcd(k , 30); this will equal 6 if and only if gcd(k , 30) = 
5. The values of k for which the last equality holds are k = 5 and k = 25. Thus our 
problem is now reduced to evaluating 3° and 37° modulo 31. A simple calculation gives 


3° = (27)9 = (—4)9 = —36 = 26 (mod 31) 
3 = (3° = (26) = (—S5YP = (—125)(25) = —1(25) = 6 (mod 31) 


so that 6 and 26 are the only integers having order 6 modulo 31. 


PROBLEMS 8.2 


1. If p is an odd prime, prove the following: 
(a) The only incongruent solutions of x* = 1 (mod p) are 1 and p — 1. 
(b) The congruence x?~? + --- + x* +x +1 =0(mod p)has exactly p — 2 incongru- 
ent solutions, and they are the integers 2,3,..., p — 1. 
2. Verify that each of the congruences x* = 1 (mod 15), x* = —1 (mod 65), and x? = 
—2 (mod 33) has four incongruent solutions; hence, Lagrange’s theorem need not hold 
if the modulus is a composite number. 
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10. 


11. 


12. 


8.3 
We 
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. Determine all the primitive roots of the primes p = 11, 19, and 23, expressing each as a 


power of some one of the roots. 


. Given that 3 is a primitive root of 43, find the following: 


(a) All positive integers less than 43 having order 6 modulo 43. 
(b) All positive integers less than 43 having order 21 modulo 43. 


. Find all positive integers less than 61 having order 4 modulo 61. 
. Assuming that r is a primitive root of the odd prime p, establish the following facts: 


(a) The congruence r’’—!)/2 = —1 (mod p) holds. 

(b) If r’ is any other primitive root of p, then rr’ is not a primitive root of p. 
[Hint: By part (a), (rr’)'?~)/? = 1 (mod p).] 

(c) If the integer r’ is such that rr’ = 1 (mod p), then’ is a primitive root of p. 


. For a prime p > 3, prove that the primitive roots of p occur in incongruent pairs r, r’ 


where rr’ = 1 (mod p). 
[Hint: If r is a primitive root of p, consider the integer r’ = r?~?.] 


. Let r be a primitive root of the odd prime p. Prove the following: 


(a) If p = 1 (mod 4), then —,r is also a primitive root of p. 
(b) If p = 3 (mod 4), then —r has order (p — 1)/2 modulo p. 


. Give a different proof of Theorem 5.5 by showing that if 7 is a primitive root of the prime 


p = 1 (mod 4), then r'?~/* satisfies the quadratic congruence x* + 1 = 0 (mod p). 
Use the fact that each prime p has a primitive root to give a different proof of Wilson’s 
theorem. 

[Hint: If p has a primitive root r, then Theorem 8.4 implies that (p — 1)! = rl t?+-t+@-) 
(mod p).] 

If p is a prime, show that the product of the @(p — 1) primitive roots of p is congruent 
modulo p to (—1)*?-), 

(Hint: If r is a primitive root of p, then the integer r* is a primitive root of p provided 
that gcd(k , p — 1) = 1; now use Theorem 7.7.] 

For an odd prime p, verify that the sum 


0 (mod p) if(p-—l1) fn 


eee abo spec p= 1) Se ap seed if(p — 1)|n 


[Hint: If(p —1) J n, andr is a primitive root of p, then the indicated sum is congruent 
modulo p to 


p(P— Un aa ] 


Lprt py? e... 4 pP-2e 
re — 


COMPOSITE NUMBERS HAVING PRIMITIVE ROOTS 


saw earlier that 2 is a primitive root of 9, so that composite numbers can also 


possess primitive roots. The next step in our program is to determine all composite 
numbers for which there exist primitive roots. Some information is available in the 
following two negative results. 


Theorem 8.7. For k > 3, the integer 2* has no primitive roots. 


Proof. For reasons that will become clear later, we start by showing that if a is an odd 
integer, then for k > 3 


a = 1 (mod 2) 
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If k = 3, this congruence becomes a” = 1 (mod 8), which is certainly true (indeed, 
1? = 3? =5* =7* =1 (mod 8)). For k > 3, we proceed by induction on k. Assume 
that the asserted congruence holds for the integer k; that is, a2 = 1 (mod 2*). This 
is equivalent to the equation 
a? =1 a poe 
where b is an integer. Squaring both sides, we obtain 
a? = (a2)? = 14+ 2(b2*) + (b2*/? 

—1]+ k+l (bh sia b?2k-!) 

= 1 (mod 2‘+!) 
so that the asserted congruence holds for k + 1 and, hence, for all k > 3. 


Now the integers that are relatively prime to 2* are precisely the odd integers, so 
that @(2*) = 2‘—!. By what was just proved, if a is an odd integer and k > 3, 


a??)/2 = 1 (mod 2*) 


and, consequently, there are no primitive roots of 2*. 
Another theorem in this same spirit is Theorem 8.8. 


Theorem 8.8. If gcd(m ,n) = 1, where m > 2 andn > 2, then the integer mn has no 
primitive roots. 


Proof. Consider any integer a for which gcd(a, mn) = 1; then gcd(a, m) = 1 and 
gcd(a ,n) = 1. Puth = Icm(¢(m), d(n)) and d = gcd(¢(m), d(n)). 

Because $(m) and ¢(n) are both even (Theorem 7.4), surely d > 2. In conse- 
quence, 


_ o(m)o(n) _ o(mn) 
d — 2 
Now Euler’s theorem asserts that a?) = 1 (mod m). Raising this congruence to the 
o(n)/d power, we get 
a’? = (q?™ em/d = 19M/d — |] (mod m) 


h 


Similar reasoning leads to a” = 1 (mod n). Together with the hypothesis gcd(m , n) = 
1, these congruences force the conclusion that 


a” = 1 (mod mn) 


The point we wish to make is that the order of any integer relatively prime to mn does 
not exceed @(mn)/2, whence there can be no primitive roots for mn. 


Some special cases of Theorem 8.8 are of particular interest, and we list these 
below. 


Corollary. The integer n fails to have a primitive root if either 


(a) n is divisible by two odd primes, or 
(b) n is of the form n = 2” p*, where p is an odd prime and m > 2. 
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The significant feature of this last series of results is that it restricts our search 
for primitive roots to the integers 2, 4, p“, and 2p*, where p is an odd prime. In this 
section, we prove that each of the numbers just mentioned has a primitive root, the 
major task being the establishment of the existence of primitive roots for powers of 
an odd prime. The argument is somewhat long-winded, but otherwise routine; for 
the sake of clarity, it is broken down into several steps. 


Lemma 1. If p is an odd prime, then there exists a primitive root r of p such that 
r?-| 4] (mod p’). 


Proof. From Theorem 8.6, it is known that p has primitive roots. Choose any one, 
call itr. If r?-! # 1 (mod p’), then we are finished. In the contrary case, replace r by 
r’ =r -+ p, whichis also a primitive root of p. Then employing the binomial theorem, 


(VP! =r + py! =r?" + (p — lpr? (mod p*) 
But we have assumed that r?~! = 1 (mod p?); hence, 
(r')P-" = 1 — pr?™ (mod p*) 
Because r is a primitive root of p, gcd(r , p) = 1, and therefore p {r?~*. The outcome 


of all this is that (r’)?~! #4 1 (mod p”), which proves the lemma. 


Corollary. If p is an odd prime, then p” has a primitive root; in fact, for a primitive 
root r of p, either r or r + p (or both) is a primitive root of p’. 


Proof. The assertion is almost obvious: If r is a primitive root of p, then the order of 
r modulo p” is either p — 1 or p(p — 1) = $(p’). The foregoing proof shows that if 
r has order p — 1 modulo p’, then + p is a primitive root of p?. 


As an illustration of this corollary, we observe that 3 is a primitive root of 7; 
and that both 3 and 10 are primitive roots of 7*. Also, 14 is a primitive root of 29, 
but not of 297. 

To reach our goal, another somewhat technical lemma is needed. 


Lemma 2. Let p be an odd prime and let r be a primitive root of p with the property 
that r?~'! + 1 (mod p’). Then for each positive integer k > 2, 


rP"(P-) & 1 (mod p*) 
Proof. The proof proceeds by induction on k. By hypothesis, the assertion holds for 


k = 2. Let us assume that it is true for some k > 2 and show that it is true for k + 1. 
Because gcd(r , p*~') = ged(r , p*) = 1, Euler’s theorem indicates that 


rh (PN) — OP") = 1 (mod p*!) 
Hence, there exists an integer a satisfying 


~P(p-1) =i + ap‘! 
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where p } a by our induction hypothesis. Raise both sides of this last equation to the 
pth power and expand to obtain 
rP'@-D — (1 4 ap*!)? = 1 + ap* (mod p**!) 
Because the integer a is not divisible by p, we have 
r?"'P-) & 1 (mod p**!) 


This completes the induction step, thereby proving the lemma. 


The hard work, for the moment, is over. We now stitch the pieces together to 
prove that the powers of any odd prime have a primitive root. 


Theorem 8.9. If p is an odd prime number and k > 1, then there exists a primitive 
root for p*. 


Proof. The two lemmas allow us to choose a primitive root r of p for whichr? (?-) # 
1 (mod p*); in fact, any integer r satisfying the condition r?~! # 1 (mod p”) will do. 
We argue that such an r serves as a primitive root for all powers of p. 

Let n be the order of r modulo p*. In compliance with Theorem 8.1, n must 
divide #(p*) = p*—'(p — 1). Because r” = 1 (mod p*) yields r” = 1 (mod p), we 
also have p —1|n (Theorem 8.1 serves again). Consequently, n assumes the form 
n = p™(p—1), where 0 < m <k —1. If it happened that n 4 p*~'(p — 1), then 
p*-*(p — 1) would be divisible by n and we would arrive at 


rP“(P-) = | (mod p*) 
contradicting the way in which r was initially chosen. Therefore, n = p*~!(p — 1) and 
r is a primitive root for p*. 
This leaves only the case 2 p* for our consideration. 


Corollary. There are primitive roots for 2p*, where p is an odd prime and k > 1. 


Proof. Let r be a primitive root for p*. There is no harm in assuming that r is an odd 
integer; for, if it is even, then r + p* is odd and is still a primitive root for p*. Then 
gcd(r , 2p*) = 1. The order n of r modulo 2p* must divide 

$(2p") = 62)(P*) = $(P") 


But r” = 1 (mod 2p“) implies that r” = 1 (mod p*), and therefore (p*) | n. Together 
these divisibility conditions force n = 6(2p*), making r a primitive root of 2p*. 


The prime 5 has ¢(4) = 2 primitive roots, namely, the integers 2 and 3. Because 


2>-'=1641(mod25) and 3°! =6#1 (mod 25) 


these also serve as primitive roots for 5” and, hence, for all higher powers of 5. The 
proof of the last corollary guarantees that 3 is a primitive root for all numbers of the 
form 2 - 5*. 

In Theorem 8.10 we summarize what has been accomplished. 


Theorem 8.10. An integer n > 1 has a primitive root if and only if 
n= 2.4, Dp or 2 p* 


where p is an odd prime. 


Proof. By virtue of Theorems 8.7 and 8.8, the only positive integers with primitive 
roots are those mentioned in the statement of our theorem. It may be checked that 1 is 
a primitive root for 2, and 3 is a primitive root of 4. We have just finished proving that 
primitive roots exist for any power of an odd prime and for twice such a power. 


This seems the opportune moment to mention that Euler gave an essentially 


correct (although incomplete) proof in 1773 of the existence of primitive roots for 
any prime p and listed all the primitive roots for p < 37. Legendre, using Lagrange’s 
theorem, managed to repair the deficiency and showed (1785) that there are d(d) 
integers of order d for each d | (p — 1). The greatest advances in this direction were 
made by Gauss when, in 1801, he published a proof that there exist primitive roots 
of n if and only if n = 2, 4, p*, and 2p*, where p is an odd prime. 


PROBLEMS 8.3 


1. 


2. 


(a) Find the four primitive roots of 26 and the eight primitive roots of 25. 

(b) Determine all the primitive roots of 37, 37, and 3+. 

For an odd prime p, establish the following facts: 

(a) There are as many primitive roots of 2p” as of p”. 

(b) Any primitive root r of p” is also a primitive root of p. 
[Hint: Let r have order k modulo p. Show that r?* = 1 (mod p?),...,r” *= 
1 (mod p”) and, hence, (p”) | p"~!k.] 

(c) A primitive root of p? is also a primitive root of p” for n > 2. 


. If r is a primitive root of p*, p being an odd prime, show that the solutions of the 


congruence x?~! = 1 (mod p”) are precisely the integers r?, r7?,..., rf? PP. 


. (a) Prove that 3 is a primitive root of all integers of the form 7‘ and 2-7*. 


(b) Find a primitive root for any integer of the form 17*. 


. Obtain all the primitive roots of 41 and 82. 
. (a) Prove that a primitive root r of p*, where p is an odd prime, is a primitive root of 


2p* if and only if r is an odd integer. 
(b) Confirm that 3, 3°, 3°, and 3° are primitive roots of 578 = 2 - 177, but that 3+ and 
3!” are not. 


. Assume that r is a primitive root of the odd prime p and (r + tp)?~! #1 (mod p’?). 


Show that r + tp is a primitive root of p* for each k > 1. 


. Ifn = 2 pi! pl? -.- p* is the prime factorization of n > 1, define the universal exponent 


A(n) of n by 
Mn) = Iem(A(2"), H(pi'), ---, o(p")) 


where A(2) = 1, A(2”) = 2, and A(2*) = 2*-? for k > 3. Prove the following statements 
concerning the universal exponent: 
(a) Forn = 2, 4, p*, 2p*, where p is an odd prime, A(n) = (n). 
(b) If ged(a, 2*) = 1, then a*@") = 1 (mod 2°). 
[Hint: For k > 3, use induction on k and the fact that A(2‘+!) = 24(2*).] 
(c) If gcd(a,n) = 1, thena*™ = 1 (mod n). 
[Hint: For each prime power p* occurring inn, a*” = 1 (mod p*).] 
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9. Verify that, for 5040 = 27 . 37 - 5-7, A(5040) = 12 and (5040) = 1152. 

10. Use Problem 8 to show that ifn 4 2, 4, p*, 2p*, where p is an odd prime, then has no 
primitive root. 
[Hint: Except for the cases 2, 4, p*, 2p*, we have A(n)| $¢(n); hence, gcd(a ,n) = 1 
implies that a?/* = 1 (mod n).] 

11. (a) Prove that if gcd(a,n) = 1, then the linear congruence ax = b (mod n) has the 

solution x = ba*™~—! (mod n). 

(b) Use part (a) to solve the congruences 13x = 2 (mod 40) and 3x = 13 (mod 77). 


8.4 THE THEORY OF INDICES 


The remainder of the chapter is concerned with a new idea, the concept of index. 
This was introduced by Gauss in his Disquisitiones Arithmeticae. 

Let n be any integer that admits a primitive root r. As we know, the first (7) 
powers of r, 


r,r?,...,r?™ 


are congruent modulo n, in some order, to those integers less than n and relatively 
prime to it. Hence, if a is an arbitrary integer relatively prime to n, then a can be 
expressed in the form 


a=r* (mod n) 


for a suitable choice of k, where 1 < k < $(n). This allows us to frame the following 
definition. 


Definition 8.3. Let r be a primitive root of n. If gcd(a,n) = 1, then the smallest 
positive integer k such that a = r* (mod n) is called the index of a relative to r. 


Customarily, we denote the index of a relative to r by ind, a or, if no confusion 
is likely to occur, by ind a. Clearly, 1 < ind, a < $(n) and 


ind, a 


r = a (mod n) 


The notation ind, a is meaningless unless gcd(a , n) = 1; in the future, this will be 
tacitly assumed. 
For example, the integer 2 is a primitive root of 5 and 


2=2 2?=4 2=3 °&#42®24=1(mod5) 
It follows that 
indg1=4 indd2=1 #£%indd3=3 #£ind4=2 


Observe that indices of integers that are congruent modulo n are equal. Thus, 
when setting up tables of values for ind a, it suffices to consider only those integers 
a \ess than and relatively prime to the modulus n. To see this, let a = b (mod n), 
where a and b are taken to be relatively prime to n. Because r™?? = a (mod n) and 
rind> = b (mod n), we have 


pinda — pindb (mod n) 
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Invoking Theorem 8.2, it may be concluded that ind a = ind b (mod @¢(n)). But, 
because of the restrictions on the size of ind a and ind J, this is only possible when 
ind a = ind D. 

Indices obey rules that are reminiscent of those for logarithms, with the primitive 
root playing a role analogous to that of the base for the logarithm. 


Theorem 8.11. If has a primitive root r and ind a denotes the index of a relative to 
r, then the following properties hold: 


(a) ind (ab) = inda+ ind b (mod ¢(n)). 
(b) ind a* = k ind a (mod ¢(n)) for k > 0. 
(c) ind 1 = 0 (mod ¢(n)), ind r = 1 (mod @(n)). 


Proof, By the definition of index, r™4¢ = a (mod n) and ri™4? = b (mod n). Multi- 
plying these congruences together, we obtain 


pinda-+ind b _ ab (mod n) 


But r'"4@>) = ab (mod n), so that 


pinda-+ind b = pind(ab) (mod n) 


It may very well happen that ind a + ind b exceeds ¢(n). This presents no problem, 
for Theorem 8.2 guarantees that the last equation holds if and only if the exponents are 
congruent modulo ¢(7); that is, 


ind a+ ind b= ind (ab) (mod ¢(n)) 
which is property (a). 

The proof of property (b) proceeds along much the same lines. For we have 
rinda® — gk (mod n), and by the laws of exponents, r*imd¢ = (rindayk = gk (mod n); 
hence, 

yinda* = pkinda (mod n) 


As above, the implication is that ind a* = k ind a (mod ¢(n)). The two parts of property 
(c) should be fairly apparent. 


The theory of indices can be used to solve certain types of congruences. For 
instance, consider the binomial congruence 


x* =a (modn) k>2 
where 7 is a positive integer having a primitive root and gcd(a,n)= 1. By 
properties (a) and (b) of Theorem 8.11, this congruence is entirely equivalent to 
the linear congruence 


k ind x = ind a (mod @(n)) 


in the unknown ind x. If d = gcd(k, d(n)) and d / ind a, there is no solution. 
But, if d| ind a, then there are exactly d values of ind x that will satisfy this last 
congruence; hence, there are d incongruent solutions of x* = a (mod n). 

The case in which k = 2 and n = p, with p an odd prime, is particularly im- 
portant. Because gcd(2 , p — 1) = 2, the foregoing remarks imply that the quadratic 
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congruence x* = a (mod p) has a solution if and only if 2| ind a; when this con- 
dition is fulfilled, there are exactly two solutions. If r is a primitive root of p, then 
r“(1 <k < p—1)runs modulo p through the integers 1,2,..., p — 1, in some or- 
der. The even powers of r produce the values of a for which the congruence x* = 
a (mod p) is solvable; there are precisely (p — 1)/2 such choices for a. 


Example 8.4. For an illustration of these ideas, let us solve the congruence 
4x? = 7 (mod 13) 


A table of indices can be constructed once a primitive root of 13 is fixed. Using the 
primitive root 2, we simply calculate the powers 2, 27, ..., 2'* modulo 13. Here, 
lg P=6 = 5 
2 =4 2° = 12 2'°= 10 
= 8 o> 7 
24 =3 2>=9 2° =1 


all congruences being modulo 13; hence, our table is 


Taking indices, the congruence 4x? = 7 (mod 13) has a solution if and only if 
ind, 4+ 9 ind, x = ind, 7 (mod 12) 


The table gives the values ind2 4 = 2 and ind2 7 = 11, so that the last congruence be- 
comes 9 indy x = 11 — 2 = 9(mod 12) which, in turn, is equivalent to having ind, x = 
1 (mod 4). It follows that 


ind, x = 1,5,or9 


Consulting the table of indices once again, we find that the original congruence 
4x? = 7 (mod 13) possesses the three solutions 


x = 2,5, and 6 (mod 13) 


If a different primitive root is chosen, we obviously obtain a different value for the 
index of a; but, for purposes of solving the given congruence, it does not really matter 
which index table is available. The 6(¢(13)) = 4 primitive roots of 13 are obtained 
from the powers 2‘(1 < k < 12), where 


gcd(k , 6(13)) = gcd(k, 12) = 1 
These are 
2! =2 2 =6 27 =11 2!! = 7 (mod 13) 


The index table for, say, the primitive root 6 is displayed below: 
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Employing this table, the congruence 4x? = 7 (mod 13) is replaced by 
indg 4+ 9 inde x = ind¢ 7 (mod 12) 
or, rather, 
9 indg x = 7 — 10 = —3 = 9 (mod 12) 
Thus, indg x = 1, 5, or 9, leading to the solutions 
x = 2,5, and 6 (mod 13) 


as before. 


The following criterion for solvability is often useful. 


Theorem 8.12. Let n be an integer possessing a primitive root and let gcd(a ,n) = 1. 
Then the congruence x* = a (mod n) has a solution if and only if 


g?m/d = | (mod n) 


where d = gcd(k , d(n)); if it has a solution, there are exactly d solutions modulo n. 


Proof. Taking indices, the congruence a?” /4 = 1 (mod n) is equivalent to 


a ind a = 0 (mod ¢(n)) 


which, in turn, holds if and only if d|ind a. But we have just seen that the latter is a 
necessary and sufficient condition for the congruence x* = a (mod n) to be solvable. 


Corollary. Let p be a prime and gcd(a , p) = 1. Then the congruence x* = a (mod p) 
has a solution if and only if a?~?/4 = 1 (mod p), where d = gcd(k, p — 1). 


Example 8.5. Let us consider the congruence 


x? = 4 (mod 13) 


In this setting, d = gcd(3, @(13)) = gced(3, 12) = 3, and therefore (13)/d = 4. Be- 
cause 44 = 9 #1 (mod 13), Theorem 8.12 asserts that the given congruence is not 
solvable. 

On the other hand, the same theorem guarantees that 


x? = 5 (mod 13) 


possesses a solution (in fact, there are three incongruent solutions modulo 13); for, in 
this case, 5+ = 625 = 1 (mod 13). These solutions can be found by means of the index 
calculus as follows: The congruence x* = 5 (mod 13) is equivalent to 


3 ind2 x = 9 (mod 12) 
which becomes 
ind, x = 3 (mod 4) 
This last congruence admits three incongruent solutions modulo 12, namely, 


indy x = 3,7,or11 
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The integers corresponding to these indices are, respectively, 8, 11, and 7, so that the 
solutions of the congruence x? = 5 (mod 13) are 


x = 7, 8, and 11 (mod 13) 


PROBLEMS 8.4 


10. 


11. 


. Find the index of 5 relative to each of the primitive roots of 13. 
. Using a table of indices for a primitive root of 11, solve the following congruences: 


(a) 7x7 = 3 (mod 11). 
(b) 3x4 =5 (mod 11). 
(c) x8 = 10 (mod 11). 


. The following is a table of indices for the prime 17 relative to the primitive root 3: 


aj 1 23 4 5 6 7 8 9 10 11 12 13 14 #15 += 16 


indja}|16 14 J 12 5 15 Il 10 2 3 #7 «13 +4 9 6 8 


With the aid of this table, solve the following congruences: 
(a) x!* = 13 (mod 17). 

(b) 8x° = 10 (mod 17). 

(c) 9x8 = 8 (mod 17). 

(d) 7* =7 (mod 17). 


. Find the remainder when 3 - 5!3 is divided by 17. 


[Hint: Use the theory of indices. ] 


. Ifr andr’ are both primitive roots of the odd prime p, show that for gcd(a, p) = 1 


ind, a = (ind, a)(ind, r) (mod p — 1) 


This corresponds to the rule for changing the base of logarithms. 


. (a) Construct a table of indices for the prime 17 with respect to the primitive root 5. 


[Hint: By the previous problem, inds a = 13 ind3 a (mod 16). ] 
(b) Solve the congruences in Problem 3, using the table in part (a). 


. If r is a primitive root of the odd prime p, verify that 


ind, (—1) = ind, (p — 1) = 5 —1) 


. (a) Determine the integers a(1 < a < 12) such that the congruence ax* = b (mod 13) 


has a solution for b = 2, 5, and 6. 
(b) Determine the integers a(1 < a < p — 1) such that the congruence x* = a (mod p) 
has a solution for p = 7, 11, and 13. 


. Employ the corollary to Theorem 8.12 to establish that if p is an odd prime, then 


(a) x” = —1 (mod p) is solvable if and only if p = 1 (mod 4). 

(b) x* = —1 (mod p) is solvable if and only if p = 1 (mod 8). 

Given the congruence x? = a (mod p), where p > 5 isa prime and gcd(a, p) = 1, prove 

the following: 

(a) If p = 1 (mod 6), then the congruence has either no solutions or three incongruent 
solutions modulo p. 

(b) If p = 5 (mod 6), then the congruence has a unique solution modulo p. 

Show that the congruence x? = 3 (mod 19) has no solutions, whereas x* = 11 (mod 19) 

has three incongruent solutions. 
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12. 


13. 


14. 


15. 


16. 


17. 
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Determine whether the two congruences x? = 13 (mod 23) and x’ = 15 (mod 29) are 
solvable. 
If p is a prime and gcd(k , p — 1) = 1, prove that the integers 


1 De 3F copy 


form a reduced set of residues modulo p. 

Let r be a primitive root of the odd prime p, and letd = gcd(k , p — 1). Prove that the val- 
ues of a for which the congruence x* = a (mod p) is solvable are r@, r72,..., rl(P-D/4l4, 
If r is a primitive root of the odd prime p, show that 


ai 
ind, (p — a) = ind, a+ P=" (mod p — 1) 


and, consequently, that only half of an index table need be calculated to complete the 
table. 
(a) Letr be a primitive root of the odd prime p. Establish that the exponential congruence 


a“ = b (mod p) 


has a solution if and only if d | ind, b, where the integer d = gcd(ind, a, p — 1); in 
this case, there are d incongruent solutions modulo p — 1. 

(b) Solve the exponential congruences 4* = 13 (mod 17) and 5% = 4 (mod 19). 

For which values of b is the exponential congruence 9* = b (mod 13) solvable? 


CHAPTER 


9 


THE QUADRATIC RECIPROCITY LAW 


The moving power of mathematical invention is not reasoning but imagination. 
A. DEMoRGAN 


9.1 EULER’S CRITERION 


As the heading suggests, the present chapter has as its goal another major contribu- 
tion of Gauss: the Quadratic Reciprocity Law. For those who consider the theory of 
numbers “the Queen of Mathematics,” this is one of the jewels in her crown. The 
intrinsic beauty of the Quadratic Reciprocity Law has long exerted a strange fasci- 
nation for mathematicians. Since Gauss’ time, over a hundred proofs of it, all more 
or less different, have been published (in fact, Gauss himself eventually devised 
seven). Among the eminent mathematicians of the 19th century who contributed 
their proofs appear the names of Cauchy, Jacobi, Dirichlet, Eisenstein, Kronecker, 
and Dedekind. 

Roughly speaking, the Quadratic Reciprocity Law deals with the solvability of 
quadratic congruences. Therefore, it seems appropriate to begin by considering the 
congruence 


ax”? + bx +c =0 (mod p) (1) 


where p is an odd prime and a ¥ 0 (mod p); that is, gcd(a , p) = 1. The supposition 
that p is an odd prime implies that gcd(4a , p) = 1. Thus, the quadratic congruence 
in Eq. (1) is equivalent to 


4a(ax* + bx +c) = 0 (mod DP) 
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By using the identity 
Aa(ax” + bx +c) = (2ax + by — (b* — 4ac) 
the last-written quadratic congruence may be expressed as 
(2ax + by = (b* — 4ac) (mod p) 
Now put y = 2ax + b and d = b* — 4ac to get 
* = d (mod p) (2) 


If x = xo (mod p) is a solution of the quadratic congruence in Eq. (1), then the integer 
y = 2axo + b (mod p) satisfies the quadratic congruence in Eq. (2). Conversely, if 
y = yo (mod p) is a Solution of the quadratic congruence in Eq. (2), then 2ax = 
yo — 6 (mod p) can be solved to obtain a solution to Eq. (1). 

Thus, the problem of finding a solution to the quadratic congruence in Eq. (1) 
is equivalent to that of finding a solution to a linear congruence and a quadratic 
congruence of the form 


x* =a (mod p) (3) 


If p|a, then the quadratic congruence in Eq. (3) has x = 0 (mod p) as its only 
solution. To avoid trivialities, let us agree to assume hereafter that p { a. 

Granting this, whenever x? =a (mod p) admits a solution x = Xo, there is also 
a second solution x = p — Xo. This second solution is not congruent to the first. 
For x9 = Pp — Xo (mod p) implies that 2x9 = O (mod p), or x9 = 0 (mod p), which 
is impossible. By Lagrange’s theorem, these two solutions exhaust the incongruent 
solutions of x* = a (mod p). In short: x? = a (mod p) has exactly two solutions or 
no solutions. 

A simple numerical example of what we have just said is provided by the 
quadratic congruence 


5x? — 6x +2 = 0 (mod 13) 
To obtain the solution, we replace this congruence by the simpler one 
y” = 9 (mod 13) 
with solutions y = 3, 10 (mod 13). Next, solve the linear congruences 
10x = 9 (mod 13) 10x = 16 (mod 13) 


It is not difficult to see that x = 10, 12 (mod 13) satisfy these equations and, by our 
previous remarks, also the original quadratic congruence. 

The major effort in this presentation is directed toward providing a test for the 
existence of solutions of the quadratic congruence 


x’ =a (mod p) gecd(a, p) = 1 (4) 


To put it differently, we wish to identify those integers a that are perfect squares 
modulo p. 
Some additional terminology will help us to discuss this situation concisely. 
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Definition 9.1. Let p be an odd prime and gcd(a , p) = 1. If the quadratic congruence 
x* =a (mod p) has a solution, then a is said to be a quadratic residue of p. Otherwise, 


a is called a quadratic nonresidue of p. 


The point to bear in mind is that if a = b (mod p), then a is a quadratic residue 
of p if and only if b is a quadratic residue of p. Thus, we only need to determine 
the quadratic character of those positive integers less than p to ascertain that of any 
integer. 


Example 9.1. Consider the case of the prime p = 13. To find out how many of the 
integers 1, 2, 3,..., 12 are quadratic residues of 13, we must know which of the 
congruences 


x* =a (mod 13) 


are solvable when a runs through the set {1,2,..., 12}. Modulo 13, the squares of the 
integers 1, 2,3,..., 12 are 

ie ae 

eo ee 

37=10°=9 

Pay =3 

Sc eo 12 

=F =10 


Consequently, the quadratic residues of 13 are 1, 3, 4, 9, 10, 12, and the nonresidues 
are 2, 5, 6, 7, 8, 11. Observe that the integers between 1 and 12 are divided equally 
among the quadratic residues and nonresidues; this is typical of the general situation. 

For p = 13 there are two pairs of consecutive quadratic residues, the pairs 3, 4 
and 9, 10. It can be shown that for any odd prime p there are i(p — 4 —(-—1)?-)/?) 
consecutive pairs. 


Euler devised a simple criterion for deciding whether an integer a is a quadratic 
residue of a given prime p. 


Theorem 9.1 Euler’s criterion. Let p be an odd prime and gcd(a, p) = 1. Thena 
is a quadratic residue of p if and only if a?~)/? = 1 (mod p). 


Proof. Suppose that a is a quadratic residue of p, so that x* = a (mod p) admits a so- 
lution, call it x;. Because gcd(a , p) = 1, evidently gcd(x; , p) = 1. We may therefore 
appeal to Fermat’s theorem to obtain 


PDI? = (x2)P-D/? = xP! = 1 (mod p) 


For the opposite direction, assume that the congruence a'’?~)/* = 1 (mod p) 
holds, and let r be a primitive root of p. Then a = r* (mod p) for some integer k, with 
1<k < p —1. It follows that 


pk(P-D/2 = gP-D/2 = 4] (mod p) 
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By Theorem 8.1, the order of r (namely, p — 1) must divide the exponent k(p — 1)/2. 
The implication is that k is an even integer, say k = 27. Hence, 


(ri? =r?) =r* =a (mod p) 


y) 


making the integer r/ a solution of the congruence x” = a (mod p). This proves that 


a is a quadratic residue of the prime p. 


Now if p (as always) is an odd prime and gcd(a, p) = 1, then 
(a? Di? _ yq?-D? + 1) = a?~! — 1 = 0 (mod p) 
the last congruence beirig justified by Fermat’s theorem. Hence, either 
a'?—-Y/2 = 1 (mod p) or a?~)/? = —1 (mod p) 


but not both. For, if both congruences held simultaneously, then we would have 
1 = —1 (mod p), or equivalently, p | 2, which conflicts with our hypothesis. Because 
a quadratic nonresidue of p does not satisfy a’?~/* = 1 (mod p), it must therefore 
satisfy a‘?~))/* = —] (mod p). This observation provides an alternate formulation 
of Euler’s criterion: the integer a is a quadratic nonresidue of the prime p if and only 
if a?—)/? = —1 (mod p). 

Putting the various pieces together, we come up with the following corollary. 


Corollary. Let p be an odd prime and gcd(a, p) = 1. Then a is a quadratic residue 
or nonresidue of p according to whether 


a?-Y/2 = 1 (mod p) or a?~/? = -1 (mod p) 


Example 9.2. In the case where p = 13, we find that 
23-D/2 — 9° — 64 = 12 = —1 (mod 13) 


Thus, by virtue of the last corollary, the integer 2 is a quadratic nonresidue of 13. 
Because 


3(13-D/2 _ 36 — (27)? = 1* = 1 (mod 13) 


the same result indicates that 3 is a quadratic residue of 13 and so the congruence 
x* = 3 (mod 13) is solvable; in fact, its two incongruent solutions are x = 4 and 
9 (mod 13). 


There is an alternative proof of Euler’s criterion (due to Dirichlet) that is longer, 
but perhaps more illuminating. The reasoning proceeds as follows. Let a be a 
quadratic nonresidue of p and let c be any one of the integers 1, 2,..., p—1. 
By the theory of linear congruences, there exists a solution c’ of cx = a (mod p), 
with c’ also in the set {1, 2, ..., p — 1}. Note that c’ 4 c; otherwise we would have 
c* =a (mod p), which contradicts what we assumed. Thus, the integers between 1 
and p — 1 can be divided into (p — 1)/2 pairs, c, c’, where cc’ = a (mod p). This 
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leads to (p — 1)/2 congruences, 
cic; =a (mod p) 


cc, =a (mod p) 


C(p-1)/2€(p—1y/2 = @ (mod p) 
Multiplying them together and observing that the product 
CCPC) +» C(p—1)/2€(y—1y/2 
is simply a rearrangement of 1 -2-3---(p — 1), we obtain 
(p — 1)! =a”~Y?? (mod p) 


At this point, Wilson’s theorem enters the picture; for, (p — 1)! = —1 (mod p), so 
that 


a'P- Vi? = —] (mod P) 


which is Euler’s criterion when a is a quadratic nonresidue of p. 

We next examine the case in which a is a quadratic residue of p. In this setting 
the congruence x” = a (mod p) admits two solutions x = x; and x = p — x1, for 
Some x, satisfying 1 < x, < p—1. If x; and p—-x, are removed from the set 
{1,2,..., p — 1}, then the remaining p — 3 integers can be grouped into pairs c, c’ 
(where c ¥ c’) such that cc’ = a (mod p). To these (p — 3)/2 congruences, add the 
congruence 


x\(p — x1) = —xj = —a (mod p) 
Upon taking the product of all the congruences involved, we arrive at the relation 
(p — 1)! = —a”~)? (mod p) 
Wilson’s theorem plays its role once again to produce 
a'?—-D/? = | (mod p) 


Summing up, we have shown that a‘’~))/* = 1 (mod p) or a?~))/? = —1 (mod p) 
according to whether a is a quadratic residue or nonresidue of p. 

Euler’s criterion is not offered as a practical test for determining whether a given 
integer is or 1s not a quadratic residue; the calculations involved are too cumbersome 
unless the modulus is small. But as a crisp criterion, easily worked with for theoretic 
purposes, it leaves little to be desired. A more effective method of computation is 
embodied in the Quadratic Reciprocity Law, which we shall prove later in the chapter. 


PROBLEMS 9.1 


1. Solve the following quadratic congruences: 
(a) x* + 7x + 10 = 0 (mod 11). 
(b) 3x* + 9x + 7 = 0 (mod 13). 
(c) 5x? + 6x + 1 = 0 (mod 23). 
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. Prove that the quadratic congruence 6x” + 5x + 1 = 0 (mod p) has a solution for every 


prime p, even though the equation 6x” + 5x + 1 = 0 has no solution in the integers. 


. (a) For an odd prime p, prove that the quadratic residues of p are congruent modulo p 


to the integers 


J 52 AD p= 1 : 
1°,2°,3°,...,| ——_ 
2 


(b) Verify that the quadratic residues of 17 are 1, 2, 4, 8, 9, 13, 15, 16. 


. Show that 3 is a quadratic residue of 23, but a nonresidue of 31. 
. Given that a is a quadratic residue of the odd prime p, prove the following: 


(a) a is not a primitive root of p. 

(b) The integer p — a is a quadratic residue or nonresidue of p according as p = 1 
(mod 4) or p = 3 (mod 4). 

(c) If p = 3 (mod 4), then x = +a’t/4 (mod p) are the solutions of the congruence 


x* =a (mod p). 


. Let p be an odd prime and gcd(a, p) = 1. Establish that the quadratic congruence 


ax* + bx + c = 0(mod p) is solvable if and only if b? — 4ac is either zero or a quadratic 
residue of p. 


. If p = 2* + 1 is prime, verify that every quadratic nonresidue of p is a primitive root 


of p. 
[Hint: Apply Euler’s criterion. ] 


. Assume that the integer r is a primitive root of the prime p, where p = 1 (mod 8). 


(a) Show that the solutions of the quadratic congruence x* = 2 (mod p) are given by 
x Str? 4 -P—D8) (mod p) 


(Hint: First confirm that r3°?-))/? = —1 (mod p).] 
(b) Use part (a) to find all solutions to the two congruences x” = 2 (mod 17) and x? = 2 
(mod 41). 


. (a) If ab =r (mod p), where r is a quadratic residue of the odd prime p, prove that a 


and b are both quadratic residues of p or both nonresidues of p. 
(b) If a and b are both quadratic residues of the odd prime p or both nonresidues of p, 
show that the congruence ax? = b (mod p) has a solution. 
[Hint: Multiply the given congruence by a’ where aa’ = 1 (mod p).] 
Let p be an odd prime and gcd(a , p) = gcd(b, p) = 1. Prove that either all three of the 
quadratic congruences 


x? =a(modp) x*=b(modp)  x* =ab (mod p) 


are solvable or exactly one of them admits a solution. 
(a) Knowing that 2 is a primitive root of 19, find all the quadratic residues of 19. 

[Hint: See the proof of Theorem 9.1.] 
(b) Find the quadratic residues of 29 and 31. 
If n > 2 and gcd(a,n) = 1, then a is called a quadratic residue of m whenever there 
exists an integer x such that x* = a (mod n). Prove that if a is a quadratic residue of 
n > 2, then a?”/? = 1 (mod n). 
Show that the result of the previous problem does not provide a sufficient condition for 
the existence of a quadratic residue of n; in other words, find relatively prime integers 
a and n, with a?/* = 1 (mod n), for which the congruence x* = a (mod n) is not 
solvable. 
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9.2 THE LEGENDRE SYMBOL AND ITS PROPERTIES 


Euler’s studies on quadratic residues were further developed by the French mathe- 
matician Adrien Marie Legendre (1752-1833). Legendre’s memoir “Recherches 
d’Analyse Indéterminée” (1785) contains an account of the Quadratic Reci- 
procity Law and its many applications, a sketch of a theory of the representa- 
tion of an integer as the sum of three squares, and the statement of a theorem 
that was later to become famous: Every arithmetic progression ax + b, where 
gcd(a,b) = 1, contains an infinite number of primes. The topics covered in 
“Recherches” were taken up in a more thorough and systematic fashion in his 
Essai sur la Théorie des Nombres, which appeared in 1798. This represented 
the first “modern” treatise devoted exclusively to number theory, its precursors 
being translations or commentaries on Diophantus. Legendre’s Essai was subse- 
quently expanded into his Théorie des Nombres. The results of his later research 
papers, inspired to a large extent by Gauss, were included in 1830 in a two- 
volume third edition of the Théorie des Nombres. This remained, together with the 
Disquisitiones Arithmeticae of Gauss, a standard work on the subject for many years. 
Although Legendre made no great innovations in number theory, he raised fruit- 
ful questions that provided subjects of investigation for the mathematicians of the 
19th century. 

Before leaving Legendre’s mathematical contributions, we should mention that 
he is also known for his work on elliptic integrals and for his Eléments de Géométrie 
(1794). In this last book, he attempted a pedagogical improvement of Euclid’s Ele- 
ments by rearranging and simplifying many of the proofs without lessening the rigor 
of the ancient treatment. The result was so favorably received that it became one of 
the most successful textbooks ever written, dominating instruction in geometry for 
over a century through its numerous editions and translations. An English translation 
was made in 1824 by the famous Scottish essayist and historian Thomas Carlyle, 
who was in early life a teacher of mathematics; Carlyle’s translation ran through 
33 American editions, the last not appearing until 1890. In fact, Legendre’s revision 
was used at Yale University as late as 1885, when Euclid’s Elements was finally 
abandoned as a text. 

Our future efforts will be greatly simplified by the use of the symbol (a/ p); this 
notation was introduced by Legendre in his Essai and is called, naturally enough, 
the Legendre symbol. 


Definition 9.2. Let p be an odd prime and let gcd(a, p) = 1. The Legendre symbol 
(a/p) is defined by 


1 if aisa quadratic residue of p 


(a/p)= | 


—1 if aisa quadratic nonresidue of p 


For the want of better terminology, we shall refer to a as the numerator and p 
as the denominator of the symbol (a/p). Another standard notation for the Legendre 
symbol is GG» or (a | p). 
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Example 9.3. Let us look at the prime p = 13, in particular. Using the Legendre 
symbol, the results of an earlier example may be expressed as 


(1/13) = (3/13) = (4/13) = (9/13) = (10/13) = (12/13) = 1 
and 


(2/13) = (5/13) = (6/13) = (7/13) = (8/13) = (11/13) = —1 


Remark. For p | a, we have purposely left the symbol (a/p) undefined. Some authors 
find it convenient to extend Legendre’s definition to this case by setting (a/p) = 0. 
One advantage of this is that the number of solutions of x* = a (mod p) can then be 
given by the simple formula 1 + (a/p). 


The next theorem establishes certain elementary facts concerning the Legendre 
symbol. 


Theorem 9.2. Let p be an odd prime and let a and b be integers that are relatively 
prime to p. Then the Legendre symbol has the following properties: 


(a) Ifa = b (mod p), then (a/p) = (b/p). 
(b) (a*/p) = 1. 

(c) (a/p) = a?—” (mod p). 

(d) (ab/p) = (a/p)(b/p). 

(e) (1/p) = 1 and (-1/p) = (-)@-Y?. 

Proof. If a =b (mod p), then the two congruences x7 =a (mod p) and x7 = b 
(mod p) have exactly the same solutions, if any at all. Thus, x* =a (mod p) and 
x? = b (mod p) are both solvable, or neither one has a solution. This is reflected in the 
statement (a/p) = (b/p). 

Regarding property (b), observe that the integer a trivially satisfies the congruence 
x* = a’ (mod p); hence, (a7/p) = 1. Property (c) is just the corollary to Theorem 9.1 
rephrased in terms of the Legendre symbol. We use (c) to establish property (d): 


(ab/p) = (aby? = a? OP HPO” = (a/p)(b/p)(mod p) 


Now the Legendre symbol assumes only the values 1 or —1. If (ab/p) 4 (a/p)(b/ p), 
we would have 1 = —1 (mod p) or 2 = 0 (mod p); this cannot occur, because p > 2. 
It follows that 


(ab/p) = (a/p)(b/p) 


Finally, we observe that the first equality in property (e) is a special case of property 
(b), whereas the second one is obtained from property (c) upon setting a = —1. Because 
the quantities (—1/p) and (—1)?-))” are either 1 or —1, the resulting congruence 


(—1/p) = (-1)"~P” (mod p) 
implies that (—1/p) = (—1)?-)”. 


From parts (b) and (d) of Theorem 9.2, we may also abstract the relation 


(f) (ab*/p) = (a/p)(b?/p) = (a/p) 
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In other words, a square factor that is relatively prime to p can be deleted from the 
numerator of the Legendre symbol without affecting its value. 

Because (p — 1)/2 is even for a prime p of the form 4k + 1 and odd for p 
of the form 4k + 3, the equation (—1/p) = (—1)”~)/* permits us to add a small 
supplemental corollary to Theorem 9.2. 


Corollary. If p is an odd prime, then 


1 if p=1(mod 4) 


a= L: if p = 3 (mod 4) 


This corollary may be viewed as asserting that the quadratic congruence x7 = 


—1 (mod p) has a solution for an odd prime p if and only if p is of the form 4k + 1. 
The result is not new, of course; we have merely provided the reader with a different 
path to Theorem 5.5. 


Example 9.4. Let us ascertain whether the congruence x7 = —46 (mod 17) is solvable. 
This can be done by evaluating the Legendre symbol (—46/17). We first appeal to 
properties (d) and (e) of Theorem 9.2 to write 


(—46/17) = (—1/17)(46/17) = (46/17) 
Because 46 = 12 (mod 17), it follows that 
(46/17) = (12/17) 
Now property (f) gives 
(12/17) = (3 - 27/17) = (3/17) 
But 
(3/17) = 307-D? = 38 = (81) = (—4)* = —1 (mod 17) 


where we have made appropriate use of property (c) of Theorem 9.2; hence, (3/17) = 
—1. Inasmuch as (—46/17) = —1, the quadratic congruence x” = —46 (mod 17) 
admits no solution. 


The corollary to Theorem 9.2 lends itself to an application concerning the dis- 
tribution of primes. 


Theorem 9.3. There are infinitely many primes of the form 4k + 1. 


Proof. Suppose that there are finitely many such primes; let us call them p, p2,.--, Dn 
and consider the integer 


N = (2pipo--: pny +1 


Clearly N is odd, so that there exists some odd prime p with p| N. To put it another 
way, 


(2p1p2--* Pn)’ = —1 (mod p) 
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or, if we prefer to phrase this in terms of the Legendre symbol, (—1/p) = 1. But the 
relation (—1/p) = 1 holds only if p is of the form 4k + 1. Hence, p is one of the primes 
Pi, implying that p; divides N — (2p, p2--- Pn)’, or p; | 1, which is a contradiction. 
The conclusion: There must exist infinitely many primes of the form 4k + 1. 


We dig deeper into the properties of quadratic residues with Theorem 9.4. 


Theorem 9.4. If p is an odd prime, then 


p-l 


>_@/p) = 0 


a=1 


Hence, there are precisely (p — 1)/2 quadratic residues and (p — 1)/2 quadratic non- 
residues of p. 


Proof. Let r be a primitive root of p. We know that, modulo p, the powers r, 
r?,...,r?—! are just a permutation of the integers 1, 2,..., p — 1. Thus, for any 
a lying between 1 and p —1, inclusive, there exists a unique positive integer k 
(1 <k < p—1), such that a =r* (mod p). By appropriate use of Euler’s criterion, 


we have 
(a/p) = (r*/p) = (r*)P PY? = (PV?) = (—1)* (mod p) (1) 


where, because r is a primitive root of p, r?~/* = —1 (mod p). But (a/p) and (—1)* 
are equal to either 1 or —1, so that equality holds in Eq. (1). Now add up the Legendre 
symbols in question to obtain 


p-1 p-1 
\ “(a/p) = > (-1)* =0 
a=1l k=1 


which is the desired conclusion. 


The proof of Theorem 9.4 serves to bring out the following point, which we 
record as a corollary. 


Corollary. The quadratic residues of an odd prime p are congruent modulo p to the 
even powers of a primitive root r of p; the quadratic nonresidues are congruent to the 
odd powers of r. 


For an illustration of the idea just introduced, we again fall back on the prime 
p = 13. Because 2 is a primitive root of 13, the quadratic residues of 13 are given 
by the even powers of 2, namely, 
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all congruences being modulo 13. Similarly, the nonresidues occur as the odd powers 
of 2: 


=) 2 = 
2 = 8 2° 5 
2 =6 7] 
Most proofs of the Quadratic Reciprocity Law, and ours as well, rest ultimately 
upon what is known as Gauss’ lemma. Although this lemma gives the quadratic 


character of an integer, it is more useful from a theoretic point of view than as a 
computational device. We state and prove it below. 


Theorem 9.5 Gauss’ lemma. Let p be an odd prime and let gcd(a, p) = 1. If n 
denotes the number of integers in the set 


—] 
= Ja,2a,3a,.... (25 Jal 


whose remainders upon division by p exceed p/2, then 


(a/p) =(-1)" 


Proof. Because gcd(a , p) = 1, none of the (p — 1)/2 integers in S is congruent to zero 
and no two are congruent to each other modulo p. Let rj), ..., 7, be those remainders 
upon division by p such that O < 7; < p/2, and lets), ..., 5, be those remainders such 
that p > s; > p/2. Thenm +n = (p — 1)/2, and the integers 

Piet P—S1,-+-,D—Sn 


are all positive and less than p/2. 
To prove that these integers are all distinct, it suffices to show that no p — s; is 
equal to any r;. Assume to the contrary that 


Pos = T; 


for some choice of i and 7. Then there exist integers u andv, with 1 < u,v < (p — 1)/2, 
satisfying s; = ua (mod p) andr; = va (mod p). Hence, 


(u+v)a=s; +r; = p =0 (mod p) 


which says that u + v =0 (mod p). But the latter congruence cannot take place, 
because 1 <u+v<p-—l. 
The point we wish to bring out is that the (p — 1)/2 numbers 


arreree a= P—S1,---,P—Sn 


are simply the integers 1,2,...,(p — 1)/2, not necessarily in order of appearance. 
Thus, their product is [(p — 1)/2]!: 


—] 
(2 )ta rete = 50-959 


= 11 °+'lm(—51)-+-(—Sn) (mod p) 
= (-1)"r1 +++ m51 +++ S, (mod p) 
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But we know that 71,...,/%m, 51,-..,5, are congruent modulo p to a, 2a,..., 
[(p — 1)/2]a, in some order, so that 


(24>) =(—1)"a-2a--- Gwk (mod p) 


= (—1)"a?-D?2 (2): (mod p) 


Because [(p — 1)/2]! is relatively prime to p, it may be canceled from both sides of 
this congruence to give 


= (—1)"a?—) (mod p) 
or, upon multiplying by (—1)”, 
a0" = (-1)" (mod p) 
Use of Euler’s criterion now completes the argument: 
(a/p) = a?~" = (—1)" (mod p) 
which implies that 
(a/p) =(-1)" 
By way of illustration, let p = 13 and a = 5. Then (p — 1)/2 = 6, so that 
S = {5, 10, 15, 20, 25, 30} 
Modulo 13, the members of S are the same as the integers 
5,10; 2-7.-12,4 
Three of these are greater than 13/2; hence, n = 3, and Theorem 9.5 says that 
(5/13) =(-1)° = -1 
Gauss’ lemma allows us to proceed to a variety of interesting results. For one 
thing, it provides a means for determining which primes have 2 as a quadratic residue. 
Theorem 9.6. If p is an odd prime, then 


1 if p=1 (mod 8) or p =7 (mod 8) 


(2/p) = = if p = 3 (mod 8) or p = 5 (mod 8) 


Proof. According to Gauss’ lemma, (2/p) = (—1)”, where n is the number of integers 


in the set 
— |] 
$= |1-2,2-2,3-2,...,(P5).2} 


which, upon division by p, have remainders greater than p/2. The members of S are 

all less than p, so that it suffices to count the number that exceed p/2. For 1 <k < 

(p — 1)/2, we have 2k < p/2if and only ifk < p/4. If[ ] denotes the greatest integer 
function, then there are [p/4] integers in S less than p/2; hence, 

we cae 

n= —— — a 
2 4 
is the number of integers that are greater than p/2. 
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Now we have four possibilities; for, any odd prime has one of the forms 8k + 1, 
8k + 3, 8k +5, or 8k + 7. A simple calculation shows that 


] 
if p= Bk-+ Athen n = 4k — [2k + 2] = ak — 2k = 2k 
3 
if p= Bk-+ 3, thenn = 4k 1 ~ [2k 4 3] = 4k 12k = 241 


1 
if p = Bk + 5,thenn = 4k +2—[2k-+1 + 5] 
= 4k 4+2—(2k4+ 1) =2k+1 
3 
if p= 8k + To then = 4k +3—[2k-+ 1+ 3] 


= 4k +3—(2k+1)=2k+2 


Thus, when p is of the form 8k + 1 or 8k + 7, n is even and (2/p) = 1; on the 
other hand, when p assumes the form 8k + 3 or 8k + 5, n is odd and (2/p) = —1. 


Notice that if the prime p is of the form 8k + 1 (equivalently, p = 1 (mod 8) or 
Pp =7 (mod 8)), then 


p?—-1_ (8k+1)P—1  64k* + 16k 
8 8 en: 


— 8k* + 2k 


which is an even integer; in this situation, (—1)’”~)/8 = 1 = (2/p). On the other 

hand, if p is of the form 8k + 3 (equivalently, p = 3 (mod 8) or p = 5 (mod 8)), 
then 

p?>—-1 (8k+3)P—1  64k*° + 48K +8 

rr 


— 8k? +6k +1 


which is odd; here, we have (—1)~)/8 = —1 = (2/p). These observations are 
incorporated in the statement of the following corollary to Theorem 9.6. 


Corollary. If p is an odd prime, then 
Q/p) =(-r-" 


It is time for another look at primitive roots. As we have remarked, there is no 
general technique for obtaining a primitive root of an odd prime p; the reader might, 
however, find the next theorem useful on occasion. 


Theorem 9.7. If p and 2p + 1 are both odd primes, then the integer (—1)'?~)/72 is a 
primitive root of 2p + 1. 


Proof. For ease of discussion, let us put g = 2p + 1. We distinguish two cases: p = 
1 (mod 4) and p = 3 (mod 4). 
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If p = 1 (mod 4), then (—1)”—)/*2 = 2. Because $(q) = gq — 1 = 2p, the order of 
2 modulo gq is one of the numbers 1, 2, p, or 2p. Taking note of property (c) of 
Theorem 9.2, we have 


(2/q) = 24-Y/? = 2? (mod q) 


But, in the present setting, gq = 3 (mod 8); whence, the Legendre symbol (2/q) = —1. 
It follows that 2? = —1 (mod q), and therefore 2 cannot have order p modulo q. 
The order of 2 being neither 1, 2, (27 = 1 (mod q) implies that g | 3, which is an 
impossibility) nor p, we are forced to conclude that the order of 2 modulo gq is 2p. 
This makes 2 a primitive root of q. 

We now deal with the case p = 3 (mod 4). This time, (—1)~)/*2 = —2 and 


(—2)* = (—2/q) = (—1/9)(2/q) (mod q) 


Because g =7 (mod 8), the corollary to Theorem 9.2 asserts that (—1/q) = —1, 
whereas once again we have (2/q) = 1. This leads to the congruence (—2)? = —1 
(mod q). From here on, the argument duplicates that of the last paragraph. Without 
analyzing further, we announce the decision: —2 is a primitive root of the prime q. 


Theorem 9.7 indicates, for example, that the primes 11, 59, 107, and 179 have 
2 aS a primitive root. Likewise, the integer —2 serves as a primitive root for 7, 23, 
47, and 167. 

Before retiring from the field, we should mention another result of the same 
character: if both p and 4p + 1 are primes, then 2 is a primitive root of 4p + 1. 
Thus, to the list of prime numbers having 2 for a primitive root, we could add, say, 
13, 29, 53, and 173. 

An odd prime p such that 2p + 1 is also a prime is called a Germain prime, after 
the French number theorist Sophie Germain (1776-1831). An unresolved problem 
is to determine whether there exist infinitely many Germain primes. The largest such 
known today is p = 2540041185 - 2!!*”*° — 1, which has 34547 digits. 

There is an attractive proof of the infinitude of primes of the form 8k — 1 that 
can be based on Theorem 9.6. 


Theorem 9.8. There are infinitely many primes of the form 8k — 1. 


Proof. As usual, suppose that there are only a finite number of such primes. Let these 
be pi, P2,---, Pn and consider the integer 


N = (4pip2-+: Pn — 2 
There exists at least one odd prime divisor p of N, so that 
(4p1p2--+ Pn)’ = 2 (mod p) 


or (2/p) = 1. In view of Theorem 9.6, p = +1 (mod 8). If all the odd prime divisors 
of N were of the form 8k + 1, then N would be of the form 8a + 1; this is clearly 
impossible, because N is of the form 16a — 2. Thus, N must have a prime divisor g of 
the form 8k — 1. But g | N, and gq |(4p1 p2-- + Pn)* leads to the contradiction that g | 2. 


The next result, which allows us to effect the passage from Gauss’ lemma to the 
Quadratic Reciprocity Law (Theorem 9.9), has some independent interest. 
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Lemma. If p is an odd prime and a an odd integer, with gcd(a, p) = 1, then 
(a/p) = (1) elo 


Proof. We shall employ the same notation as in the proof of Gauss’ lemma. Consider 


the set of integers 
—] 
Ss = {2,205.0 (2a 
2 


Divide each of these multiples of a by p to obtain 
ka=qept+t 1<%<p-1 


Then ka/p = qx + t&/p, so that [ka/p] = q,. Thus, for 1 < k < (p — 1)/2, we may 
write ka in the form 


ka 
ka = = Dt+t (1) 
Pp 
If the remainder t, < p/2, then it is one of the integers 7), ..., 7; on the other hand, 
if t > p/2, then it is one of the integers 51, ..., Sp. 
Taking the sum of the (p — 1)/2 equations in Eq. (1), we get the relation 
(p—1)/2 (p—1)/2 i m n 
ye ka= [lot ont os Q 
k=l ca EP k=l k=l 
It was learned in proving Gauss’ lemma that the (p — 1)/2 numbers 
eee a DP —S1,--->DP—Spn 
are just a rearrangement of the integers 1, 2,..., (p — 1)/2. Hence 
(p—1)/2 m n m n 
Yo k= ore + (Pp — 5) = pnt Don — Do se (3) 
k=l k=1 k=1 k=1 k=1 


Subtracting Eq. (3) from Eq. (2) gives 


(p—1)/2 (p—1)/2 ka n 
(a — 1) 3 K=0('D [Me ]-)+2yos (4) 
k=1 


k=1 k=1 


Let us use the fact that p = a =J1 (mod 2) and translate this last equation into a 
congruence modulo 2: 


(p—1)/2 (p—1)/2 ka 
0.) k=1-( >> Fae (mod 2) 
P 


Or 


(p—1)/2 
r= 2 (mod 2) 


k=1 


The rest follows from Gauss’ lemma; for, 
(a/p) = (—1)" = (-1)="1” ea/? 


as we wished to show. 
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For an example of this last result, again consider p = 13 and a = 5. Because 


(p — 1)/2 = 6, it is necessary to calculate [ka/p] fork =1,..., 6: 


By 


con 


[5/13] = [10/13] =0 
[15/13] = [20/13] = [25/13] = 1 
[30/13] = 2 
the lemma just proven, we have 
(5/13) = (—1) +4142 — (-1)8 = -1 


firming what was earlier seen. 


PROBLEMS 9.2 


1. 


Find the value of the following Legendre symbols: 
(a) (19/23). 

(b) (—23/59). 

(c) (20/31). 

(d) (18/43). 

(e) (—72/131). 


. Use Gauss’ lemma to compute each of the Legendre symbols below (that is, in each case 


obtain the integer n for which (a/p) = (—1)”): 
(a) (8/11). 
(b) (7/13). 
(c) (5/19). 
(d) (11/23). 
(e) (6/31). 


. For an odd prime p, prove that there are (p — 1)/2 — @(p — 1) quadratic nonresidues of 


p that are not primitive roots of p. 


. (a) Let p be an odd prime. Show that the Diophantine equation 


x? + py+ta=0 ecd(a, p) = 1 


has an integral solution if and only if (—a/p) = 1. 
(b) Determine whether x* + 7y — 2 = Ohas a solution in the integers. 


. Prove that 2 is not a primitive root of any prime of the form p = 3 - 2” + 1, except when 


p = 13. 
(Hint: Use Theorem 9.6.] 


. (a) If p is an odd prime and gcd(ab, p) = 1, prove that at least one of a, b, or ab is a 


quadratic residue of p. 
(b) Given a prime p, show that, for some choice of n > 0, p divides 


(n? — 2)(n? — 3)(n? — 6) 


. If p is an odd prime, show that 


p—2 
(a+ 1)/p) = -1 


a=1 


[Hint: If a’ is defined by aa’ = 1 (mod p), then (a(a + 1)/p) = (1 +. a’)/p). Note that 
1 + a’ runs through a complete set of residues modulo p, except for the integer 1.] 


10. 


11. 


12. 


13. 


14. 


15. 


16. 


17. 
18. 


9.3 
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. Prove the statements below: 


(a) If p and g = 2p + 1 are both odd primes, then —4 is a primitive root of q. 
(b) If p = 1 (mod 4) is a prime, then —4 and (p — 1)/4 are both quadratic residues of p. 


. Fora prime p = 7 (mod 8), show that p | 2-1/2 — 1, 


[Hint: Use Theorem 9.6. ] 

Use Problem 9 to confirm that the numbers 2” — 1 are composite for n = 11, 23, 83, 

131, 179, 183, 239, 251. 

Given that p and g = 4p + 1 are both primes, prove the following: 

(a) Any quadratic nonresidue of g is either a primitive root of g or has order 4 modulo q. 
[Hint: If a is a quadratic nonresidue of q, then —1 = (a/q) = a*P (mod q); hence, 
a has order 1, 2,4, p, 2p, or 4p modulo q.] 

(b) The integer 2 is a primitive root of q; in particular, 2 is a primitive root of the primes 
13, 29, 53, and 173. 

If r is a primitive root of the odd prime p, prove that the product of the quadratic residues 

of p is congruent modulo p to r”°—/4 and the product of the nonresidues of p is 

congruent modulo p to r'?-)"/4, 

[Hint: Apply the corollary to Theorem 9.4. ] 

Establish that the product of the quadratic residues of the odd prime p is congruent 

modulo p to 1 or —1 according as p = 3 (mod 4) or p = 1 (mod 4). 

[Hint: Use Problem 12 and the fact that r“??—?/* = —1 (mod p). Or, Problem 3(a) of 

Section 9.1 and the proof of Theorem 5.5.] 

(a) If the prime p > 3, show that p divides the sum of its quadratic residues. 

(b) If the prime p > 5, show that p divides the sum of the squares of its quadratic 
nonresidues. 

Prove that for any prime p > 5 there exist integers 1 < a, b < p — 1 for which 


(a/p)=(at+1/p)=1 and (b/p)=(6+1/p)=-!1 


that is, there are consecutive quadratic residues of p and consecutive nonresidues. 

(a) Let p be an odd prime and gcd(a, p) = gcd(k, p) = 1. Show that if the equation 
x* — ay” = kp admits a solution, then (a/p) = 1; for example, (2/7) = 1, because 
67—2-27=4.7. 

[Hint: If xo, yo satisfy the given equation, then (xo yg =e a (mod p).] 

(b) By considering the equation x” + 5y* = 7, demonstrate that the converse of the result 
in part (a) need not hold. 

(c) Show that, for any prime p = +3 (mod 8), the equation x? — 2y* = phasno solution. 

Prove that the odd prime divisors p of the integers 9” + 1 are of the form p = 1 (mod 4). 

For a prime p = 1 (mod 4), verify that the sum of the quadratic residues of p is equal to 

P(p — 1)/4. 

[Hint: If a,, ..., a, are the quadratic residues of p less than p/2, then p — aj,..., p — @ 

are those greater than p/2.] 


a= 


QUADRATIC RECIPROCITY 


Let p and q be distinct odd primes, so that both of the Legendre symbols (p/q) 
and (q/p) are defined. It is natural to enquire whether the value of (p/q) can be 
determined if that of (g /p) is known. To put the question more generally, is there any 
connection at all between the values of these two symbols? The basic relationship was 
conjectured experimentally by Euler in 1783 and imperfectly proved by Legendre 
two years thereafter. Using his symbol, Legendre stated this relationship in the 
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elegant form that has since become known as the Quadratic Reciprocity Law: 


(p/q\q/p) = (-1)> *= 


Legendre went amiss in assuming a result that is as difficult to prove as the law 
itself, namely, that for any odd prime p = 1 (mod 8), there exists another prime 
q = 3 (mod 4) for which p is a quadratic residue. Undaunted, he attempted another 
proof in his Essai sur la Théorie des Nombres (1798); this one also contained a 
gap, because Legendre took for granted that there are an infinite number of primes 
in certain arithmetical progressions (a fact eventually proved by Dirichlet in 1837, 
using in the process very subtle arguments from complex variable theory). 

At the age of 18, Gauss (in 1795), apparently unaware of the work of either 
Euler or Legendre, rediscovered this reciprocity law and, after a year’s unremit- 
ting labor, obtained the first complete proof. “It tortured me,’ says Gauss, “for the 
whole year and eluded my most strenuous efforts before, finally, I got the proof 
explained in the fourth section of the Disquisitiones Arithmeticae.” In the Disquti- 
sitiones Arithmeticae—which was published in 1801, although finished in 1798— 
Gauss attributed the Quadratic Reciprocity Law to himself, taking the view that a 
theorem belongs to the one who gives the first rigorous demonstration. The indig- 
nant Legendre was led to complain: “This excessive impudence is unbelievable in 
a man who has sufficient personal merit not to have the need of appropriating the 
discoveries of others.” All discussion of priority between the two was futile; because 
each clung to the correctness of his position, neither took heed of the other. Gauss 
went on to publish five different demonstrations of what he called “the gem of higher 
arithmetic,” and another was found among his papers. The version presented below, a 
variant of one of Gauss’ own arguments, is due to his student, Ferdinand Eisenstein 
(1823-1852). The proof is challenging (and it would perhaps be unreasonable to 
expect an easy proof), but the underlying idea is simple enough. 


Theorem 9.9 Quadratic Reciprocity Law. If p and g are distinct odd primes, then 
=1g= 
(p/qXq/p) =(-l)? = 


Proof. Consider the rectangle in the xy coordinate plane whose vertices are (0, 0), 
(p/2,0), (0, ¢/2), and (p/2, q/2). Let R denote the region within this rectangle, not 
including any of the bounding lines. The general plan of attack is to count the number 
of lattice points (that is, the points whose coordinates are integers) inside R in two 
different ways. Because p and gq are both odd, the lattice points in R consist of all 
points (n,m), where 1 <n < (p—1)/2 and 1 < m < (q — 1)/2; clearly, the number 
of such points is 


Now the diagonal D from (0, 0) to (p/2, q/2) has the equation y = (q/p)x, or 
equivalently, py = qx. Because gcd(p , gq) = 1, none of the lattice points inside R will 
lie on D. For p must divide the x coordinate of any lattice point on the line py = qx, and 
q must divide its y coordinate; there are no such points in R. Suppose that 7; denotes 
the portion of R that is below the diagonal D, and T> the portion above. By what we 
have just seen, it suffices to count the lattice points inside each of these triangles. 
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The number of integers in the interval 0 < y < kq/p is equal to [kq/p]. Thus, 
for 1 < k < (p — 1)/2, there are precisely [kq/p] lattice points in 7; directly above 
the point (k, 0) and below D; in other words, lying on the vertical line segment from 
(k, O) to (k, kq/p). It follows that the total number of lattice points contained in 77 is 


oa E | 
fad bed 


0, g/2 
in, (p/2, q/2) 


(p/2, 0) 


A similar calculation, with the roles of p and qg interchanged, shows that the number 


of lattice points within 7 is 
—I)/2r: 
ip | 
j= Ld 


This accounts for all of the lattice points inside R, so that 


1 g—-1.) PobrE, @-D/2r: 
ce aS 214 y 2 

p jal. 
The time has come for Gauss’ lemma to do its duty: 


(p/qXq/p) = (—I=Ht Pla). (yD tea 
= (=) Lipa ea 


=()2 
The proof of the Quadratic Reciprocity Law is now complete. 


An immediate consequence of this is Corollary 1. 
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Corollary 1. If p and g are distinct odd primes, then 


1 if p =1(mod4) org = 1 (mod 4) 


(P/q)(4/P) = = if p =q = 3 (mod 4) 


Proof. The number (p — 1)/2 -(g — 1)/2 is even if and only if at least one of the 
integers p and gq is of the form 4k + 1; if both are of the form 4k + 3, then the product 


(p — 1)/2-(q — 1)/2 is odd. 


Multiplying each side of the equation of the Quadratic Reciprocity Law by (q/p) 
and using the fact that (¢/p)* = 1, we could also formulate this as Corollary 2. 
Corollary 2. If p and qg are distinct odd primes, then 


(q/p) if p =1 (mod 4) org = 1 (mod 4) 


Let us see what this last series of results accomplishes. Take p to be an odd 
prime and a ~ +1 to be an integer not divisible by p. Suppose further that a has the 
factorization 


a= +20 pi py ee p™ 
where the p; are distinct odd primes. Because the Legendre symbol is multiplicative, 


(a/p) = (£1/p)(2/ py (pi/ py" ++ (pr / py 


To evaluate (a/p), we have only to calculate each of the symbols (—1/p), (2/p), 
and (p;/p). The values of (—1/p) and (2/p) were discussed earlier, so that the one 
stumbling block is (p;/p), where p; and p are distinct odd primes; this is where the 
Quadratic Reciprocity Law enters. For Corollary 2 allows us to replace (p;/p) by a 
new Legendre symbol having a smaller denominator. Through continued inversion 
and division, the computation can be reduced to that of the known quantities 


(-I/q) (/q)  (/q) 
This is all somewhat vague, of course, so let us look at a concrete example. 
Example 9.5. Consider the Legendre symbol (29/53), for instance. Because both 29 = 
1 (mod 4) and 53 = 1 (mod 4), we see that 
(29/53) = (53/29) = (24/29) = (2/29)(3/29)(4/29) = (2/29)(3/29) 
With reference to Theorem 9.6, (2/29) = —1, while inverting again, 
(3/29) = (29/3) = (2/3) = —1 
where we used the congruence 29 = 2 (mod 3). The net effect is that 


(29/53) = (2/29)(3/29) = (-1\(-1) = 1 
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The Quadratic Reciprocity Law provides a very satisfactory answer to the prob- 
lem of finding odd primes p ¥ 3 for which 3 is a quadratic residue. Because 3 = 3 


(mod 4), Corollary 2 of Theorem 9.9 implies that 
(p/3) if p = 1 (mod 4) 

3/p) = | 
—(p/3) if p =3 (mod 4) 


Now p = 1 (mod 3) or p = 2 (mod 3). By Theorems 9.2 and 9.6, 


1 if p =1 (mod 3) 
(p/3) = Bes 
the implication of which is that (3/p) = 1 if and only if 
p=1(mod4) and = p=1(mod3) (1) 
or 
p=3(mod4) and =  p=2(mod3) (2) 


The restrictions in the congruencies in Eq. (1) are equivalent to requiring that p = 
1 (mod 12) whereas those congruencies in Eq. (2) are equivalent to p = 11 = —-1 
(mod 12). The upshot of all this is Theorem 9.10. 


Theorem 9.10. If p 4 3 is an odd prime, then 


1 if p= +1 (mod 12) 


(3/p) = | if p = +5 (mod 12) 


Example 9.6. For an example of the solution of a quadratic congruence with a com- 
posite modulus, consider 


x? = 196 (mod 1357) 
Because 1357 = 23 - 59, the given congruence is solvable if and only if both 
x* =196(mod23) and x” = 196 (mod 59) 


are solvable. Our procedure is to find the values of the Legendre symbols (196/23) and 
(196/59). 
The evaluation of (196/23) requires the use of Theorem 9.10: 


(196/23) = (12/23) = G/23) = 1 


Thus, the congruence x” = 196 (mod 23) admits a solution. As regards the symbol 
(196/59), the Quadratic Reciprocity Law enables us to write 


(196/59) = (19/59) = —(59/19) = —(2/19) = —(—1) = 1 


Therefore, it is possible to solve x? = 196 (mod 59) and, in consequence, the congru- 
ence x* = 196 (mod 1357) as well. 

To arrive at a solution, notice that the congruence x” = 196 = 12 (mod 23) is 
satisfied by x = 9, 14 (mod 23), and x? = 196 = 19 (mod 59) has solutions x = 14, 45 
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(mod 59). We may now use the Chinese Remainder Theorem to obtain the simultaneous 
solutions of the four systems: 

x = 14 (mod 23) and x = 14 (mod 59) 

x = 14 (mod 23) and x = 45 (mod 59) 

x = 9 (mod 23) and x = 14 (mod 59) 

x = 9 (mod 23) and x = 45 (mod 59) 


The resulting values x = 14, 635, 722, 1343 (mod 1357) are the desired solutions of 
the original congruence x” = 196 (mod 1357). 


Example 9.7. Let us turn to a quite different application of these ideas. At an earlier 
stage, it was observed that if F, = 27° + 1,n > 1, is a prime, then 2 is not a primitive 
root of F,,. We now possess the means to show that the integer 3 serves as a primitive 
root of any prime of this type. 

As a first step in this direction, note that any F,, is of the form 12k + 5. A sim- 
ple induction argument confirms that 4” = 4 (mod 12) form = 1,2,...; hence, we 
must have 


F,=27 +1=27"41=4"+41=5 (mod 12) 
If F,, happens to be prime, then Theorem 9.10 permits the conclusion 
(3/Fn) = —1 
or, using Euler’s criterion, 
3Fn—D/e = _] (mod F,) 
Switching to the phi-function, the last congruence says that 
30/2 = —1 (mod Fy) 
From this, it may be inferred that 3 has order @(F,,) modulo F,, and therefore 3 is a 
primitive root of F,,. For if the order of 3 were a proper divisor of 
@(F,) = Fy — 1 = 2” 
then it would also divide @(F,,)/2, leading to the contradiction 
3°(Fn)/2 = 1 (mod F,) 


PROBLEMS 9.3 


1. Evaluate the following Legendre symbols: 
(a) (71/73). 
(b) (—219/383). 
(c) (461/773). 
(d) (1234/4567). 
(e) (3658/12703). 
[Hint: 3658 = 2-31-59.) 
2. Prove that 3 is a quadratic nonresidue of all primes of the form 27” + 1, and all primes 
of the form 2? — 1, where p is an odd prime. 
[Hint: For all n, 4” = 4 (mod 12).] 
3. Determine whether the following quadratic congruences are solvable: 
(a) x* = 219 (mod 419). 


10. 


11. 


12. 


13. 


14. 
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(b) 3x7 + 6x +5 = 0 (mod 89). 
(c) 2x* + 5x —9 =0 (mod 101). 


. Verify that if p is an odd prime, then 


1 if p=1(mod8) or p=3 (mod 8) 


2p)={ if p=5(mod8) or p=7 (mod 8) 


. (a) Prove that if p > 3 is an odd prime, then 


1 if p=1(mod6) 


(—3/p) = { if p = 5 (mod 6) 


(b) Using part (a), show that there are infinitely many primes of the form 6k + 1. 
[Hint: Assume that p;, p2,.-.., p, are all the primes of the form 6k + 1 and consider 
the integer N = (2p, po --- p-)* + 3.] 


. Use Theorem 9.2 and Problems 4 and 5 to determine which primes can divide integers 


of the forms n? + 1, n? + 2, orn? + 3 for some value of n. 


. Prove that there exist infinitely many primes of the form 8k + 3. 


[Hint: Assume that there are only finitely many primes of the form 8k + 3, say pj, 
P2,--+, Pr, and consider the integer N = (pi p2--- p,)* +2.] 


. Find a prime number p that is simultaneously expressible in the forms x? + y”, u? + 2v’, 


and r? + 35°. 
[Hint: (—1/p) = (-2/p) = (-3/p) = 1.1] 


. If p and q are odd primes satisfying p = gq + 4a for some a, establish that 


(a/p) = (a/q@) 


and, in particular, that (6/37) = (6/13). 

[Hint: Note that (a/p) = (—q/p) and use the Quadratic Reciprocity Law. ] 

Establish each of the following assertions: 

(a) (5/p) = 1 if and only if p = 1, 9, 11, or 19 (mod 20). 

(b) (6/p) = 1 if and only if p = 1, 5, 19, or 23 (mod 24). 

(c) (7/p) = 1 if and only if p = 1, 3, 9, 19, 25, or 27 (mod 28). 

Prove that there are infinitely many primes of the form 5k — 1. 

[Hint: For any n > 1, the integer 5(n!)* — 1 has a prime divisor p > n that is not of the 

form 5k + 1; hence, (5/p) = 1.] 

Verify the following: 

(a) The prime divisors p 4 3 of the integer n* — n + 1 are of the form 6k + 1. 
[Hint: If p |n* —n +1, then (2n — 1)? = —3 (mod p).] 

(b) The prime divisors p 45 of the integer n? +n — 1 are of the form 10k +1 or 
10k + 9. 

(c) The prime divisors p of the integer 2n(n + 1) + 1 are of the form p = 1 (mod 4). 
[Hint: If p | 2n(n + 1) + 1, then (2n + 1)* = —1 (mod p).] 

(d) The prime divisors p of the integer 3n(n + 1) + 1 are of the form p = 1 (mod 6). 

(a) Show that if p is a prime divisor of 839 = 38? — 5 - 117, then (5/p) = 1. Use this 
fact to conclude that 839 is a prime number. 
[Hint: It suffices to consider those primes p < 29.] 

(b) Prove that both 397 = 20* — 3 and 733 = 29? — 3 - 6” are primes. 

Solve the quadratic congruence x” = 11 (mod 35). 

(Hint: After solving x* = 11 (mod 5) and x” = 11 (mod 7), use the Chinese Remainder 

Theorem. | 
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15. Establish that 7 is a primitive root of any prime of the form p = 2" + 1. 
[Hint: Because p = 3 or 5 (mod 7), (7/p) = (p/7) = —1.] 

16. Let a and b > 1 be relatively prime integers, with b odd. If b = p, p2--- p, is the de- 
composition of b into odd primes (not necessarily distinct) then the Jacobi symbol (a/b) 
is defined by 


(a/b) = (a/pi)(a/p2)---(a/Pr) 


where the symbols on the right-hand side of the equality sign are Legendre symbols. 
Evaluate the Jacobi symbols 


(21/221) (215/253)  (631/1099) 


17. Under the hypothesis of the previous problem, show that if a is a quadratic residue of b, 
then (a/b) = 1; but, the converse is false. 
18. Prove that the following properties of the Jacobi symbol hold: If b and b’ are positive 
odd integers and gcd(aa’ , bb’) = 1, then 
(a) a =a’ (mod b) implies that (a/b) = (a’/b). 
(b) (aa'/b) = (a/b)(a‘/b). 
(c) (a/bb’) = (a/b)(a/b’). 
(d) (a*/b) = (a/b) = 1. 
(e) (1/b) = 1. 
(f) (—1/b) = (—1)@-. 
[Hint: Whenever u and v are odd integers, (u — 1)/2 + (v — 1)/2 = (uv — 1)/2 (mod 
2).] 
(g) (2/b) = (-)P V4. 
[Hint: Whenever u and v are odd integers, (u* — 1)/8 + (v* — 1)/8 = [(uv)? — 1]/8 
(mod 2).] 
19. Derive the Generalized Quadratic Reciprocity Law: Ifa and b are relatively prime positive 
odd integers, each greater than 1, then 
a—| b— 
(a/b\(b/a) =(-1)% * 
[Hint: See the hint in Problem 18(f).] 
20. Using the Generalized Quadratic Reciprocity Law, determine whether the congruence 
x? = 231 (mod 1105) is solvable. 


9.4 QUADRATIC CONGRUENCES WITH COMPOSITE MODULI 


So far in the proceedings, quadratic congruences with (odd) prime moduli have been 
of paramount importance. The remaining theorems broaden the horizon by allowing 
a composite modulus. To start, let us consider the situation where the modulus is a 
power of a prime. 


Theorem 9.11. If p is an odd prime and gcd(a, p) = 1, then the congruence 
x’ =a (mod p”) n> |] 
has a solution if and only if (a/p) = 1. 
Proof. As is common with many “if and only if” theorems, half of the proof is trivial 


whereas the other half requires considerable effort: If x7 = a (mod p”) has a solution, 
then so does x* = a (mod p)—in fact, the same solution—whence (a/p) = 1. 
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For the converse, suppose that (a/p) = 1. We argue that x* =a (mod p”) is 
solvable by inducting onn. Ifn = 1, there is really nothing to prove; indeed, (a/p) = 1 
is just another way of saying that x7 = a (mod p) can be solved. Assume that the result 
holds for n = k > 1, so that x? = a (mod p*) admits a solution xo. Then 


xi =a+ bp" 
for an appropriate choice of b. In passing from k to k + 1, we shall use xo and b to 


write down explicitly a solution to the congruence x? = a (mod p**'). 
Toward this end, we first solve the linear congruence 


2x9y = —b (mod p) 


obtaining a unique solution yo modulo p (this is possible because gcd(2xo9 , p) = 1). 
Next, consider the integer 


x1 = xo + yop" 


Upon squaring this integer, we get 


(xo + yop")* = x6 + 2xoyop* + ye p™* 


=a+(b + 2xoyo)p* + yop* 


But p|(6 + 2xoyo), from which it follows that 


xt = (xo + yop“)? = a (mod p**') 


—_ 


Thus, the congruence x a (mod p”) has a solution for n = k + 1 and, by induction, 


for all positive integers n. 
Let us run through a specific example in detail. The first step in obtaining a 
solution of, say, the quadratic congruence 
x* = 23 (mod 7’) 
is to solve x” = 23 (mod 7), or what amounts to the same thing, the congruence 
x* = 2 (mod 7) 


Because (2/7) = 1, a solution surely exists; in fact, x9 = 3 is an obvious choice. 


Now x can be represented as 


3* = 9 = 23+ (-2)7 


so that b = —2 (in our special case, the integer 23 plays the role of a). Following 
the proof of Theorem 9.11, we next determine y so that 
6y = 2 (mod 7) 


that is, 3y = 1 (mod 7). This linear congruence is satisfied by yp = 5. Hence, 
xo + 7y9 = 347-5 = 38 


serves as a solution to the original congruence x7 = 23 (mod 49). It should be noted 
that —38 = 11 mod (49) is the only other solution. 
If, instead, the congruence 


x* = 23 (mod 7°) 
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were proposed for solution, we would start with 

x* = 23 (mod 7’) 
obtaining a solution x9 = 38. Because 

387 = 23+ 29.7? 
the integer b = 29. We would then find the unique solution yo = 1 of the linear 
congruence 

76y = —29 (mod 7) 
Then x* = 23 (mod 7°) is satisfied by 

xo t yo - 7° = 38+1-49 = 87 


as well as —87 = 256 (mod 7°). 
Having dwelt at length on odd primes, let us now take up the case p = 2. The 
next theorem supplies the pertinent information. 


Theorem 9.12. Let a be an odd integer. Then we have the following: 


(a) x” =a (mod 2) always has a solution. 
(b) x* =a (mod 4) has a solution if and only if a = 1 (mod 4). 
(c) x? =a (mod 2"), for n > 3, has a solution if and only if a = 1 (mod 8). 


Proof. The first assertion is obvious. The second depends on the observation that the 
square of any odd integer is congruent to 1 modulo 4. Consequently, x” = a (mod 4) 
can be solved only when a is of the form 4k + 1; in this event, there are two solutions 
modulo 4, namely, x = 1 and x = 3. 

Now consider the case in which n > 3. Because the square of any odd integer 
is congruent to 1 modulo 8, we see that for the congruence x” = a (mod 2”) to be 
solvable a must be of the form 8k + 1. To go the other way, let us suppose that a = 
1 (mod 8) and proceed by induction on the exponent n. When n = 3, the congruence 
x? =a (mod 2") is certainly solvable; indeed, each of the integers 1, 3, 5, 7 satisfies 
x* = 1 (mod 8). Fix a value of n > 3 and assume, for the induction hypothesis, that 
the congruence x* = a (mod 2”) admits a solution x9. Then there exists an integer b 
for which 


x§ =a+t b2" 


Because a is odd, so is the integer xo. It is therefore possible to find a unique solution 
yo of the linear congruence 


xoy = —b (mod 2) 
We argue that the integer 
x1 = Xo + yo2" 
satisfies the congruence x” = a (mod 2"t'). Squaring yields 
(xo + yo2""!)? = xg + xoyo2" + yg27"* 
=a+t (b+ xoyo)2" + yg2°" 
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By the way yo was chosen, 2 | (b + xo yo); hence, 
x? = (xp + yo2""')? = a (mod 2"*') 


(we also use the fact that 2n —-2 =n+1+(n—3)>n-+1). Thus, the congruence 
x* = a (mod 2"*') is solvable, completing the induction step and the proof. 


To illustrate: The quadratic congruence x* = 5 (mod 4) has a solution, but 
x* = 5 (mod 8) does not; on the other hand, both x* = 17 (mod 16) and x? = 17 
(mod 32) are solvable. 

In theory, we can now completely settle the question of when there exists an 
integer x such that 


x*=a(modn) ~~ gcd(a,n)=1 n> 


For suppose that n has the prime-power decomposition 


n=2pipP-..pe ky > 0, = 0 


r 


where the p; are distinct odd primes. Since the problem of solving the quadratic 
congruence x” = a (mod) is equivalent to that of solving the system of congruences 


x? =a (mod 2") 


x? =a (mod pi’) 


x? =a (mod p*") 


our last two results may be combined to give the following general conclusion. 


Theorem 9.13. Let n = 2% pi ..- p* be the prime factorization of n > 1 and let 
gcd(a,n) = 1. Then x* = a (mod n) is solvable if and only if 


(a) (2/7 pi) = 1 fort 1; 2,257: 
(b) a = 1 (mod 4) if 4|n, but 8 J n; a = 1 (mod 8) if 8|n. 


PROBLEMS 9.4 


1. (a) Show that 7 and 18 are the only incongruent solutions of x* = —1 (mod 5’). 
(b) Use part (a) to find the solutions of x? = —1 (mod 5°). 
2. Solve each of the following quadratic congruences: 
(a) x? = 7 (mod 3°). 
(b) x? = 14 (mod 5°). 
(c) x* =2(mod7?). 
3. Solve the congruence x* = 31 (mod 11%). 
. Find the solutions of x? + 5x + 6 = 0 (mod 53) and x? + x + 3 = 0 (mod 3°). 
5. Prove that if the congruence x? =a (mod 2”), where a is odd and n > 3, has a solution, 
then it has exactly four incongruent solutions. 
(Hint: If xo is any solution, then the four integers x9, —x9, x9 + 2"-', —xo + 2"-! are 
incongruent modulo 2” and comprise all the solutions. ] 


oe 
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10. 


. For fixed n > 1, show that all the solvable congruences x 
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. From 23? = 17 (mod 2’), find three other solutions of the quadratic congruence x* = 17 


(mod 2’). 


. First determine the values of a for which the congruences below are solvable, and then 


find the solutions of these congruences: 

(a) x7 =a (mod 2°). 

(b) x* =a (mod 2°). 

(c) x? =a (mod 2°). 

*=a (mod n) with 
gcd(a ,n) = | have the same number of solutions. 


. (a) Without actually finding them, determine the number of solutions of the congruences 


x? = 3 (mod 11? - 237) and x? = 9 (mod 23 - 3 - 5’). 

(b) Solve the congruence x* = 9 (mod 2? - 3 - 57), 

(a) For an odd prime p, prove that the congruence 2x” + 1 = 0 (mod p) has a solution 
if and only if p = 1 or 3 (mod 8). 

(b) Solve the congruence 2x” + 1 = 0 (mod 117). 
[Hint: Consider integers of the form xp + 11k, where xo is a solution of 2x* +1 = 
0 (mod 11).] 


CHAPTER 
INTRODUCTION TO CRYPTOGRAPHY 


I am fairly familiar with all forms of secret writings and am myself the 
author of a trifling manuscript on the subject. 
SIR ARTHUR CONAN DOYLE 


10.1 FROM CAESAR CIPHER TO PUBLIC KEY CRYPTOGRAPHY 


Classically, the making and breaking of secret codes has usually been confined to 
diplomatic and military practices. With the growing quantity of digital data stored 
and communicated by electronic data-processing systems, organizations in both the 
public and commercial sectors have felt the need to protect information from un- 
wanted intrusion. Indeed, the widespread use of electronic funds transfers has made 
privacy a pressing concern in most financial transactions. There thus has been a 
recent surge of interest by mathematicians and computer scientists in cryptogra- 
phy (from the Greek kryptos meaning hidden and graphein meaning to write), the 
science of making communications unintelligible to all except authorized parties. 
Cryptography is the only known practical means for protecting information transmit- 
ted through public communications networks, such as those using telephone lines, 
microwaves, or satellites. 

In the language of cryptography, where codes are called ciphers, the information 
to be concealed is called plaintext. After transformation to a secret form, a message 
is called ciphertext. The process of converting from plaintext to ciphertext is said 
to be encrypting (or enciphering), whereas the reverse process of changing from 
ciphertext back to plaintext is called decrypting (or deciphering). 
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One of the earliest cryptographic systems was used by the great Roman emperor 
Julius Caesar around 50 B.c. Caesar wrote to Marcus Cicero using a rudimentary 
substitution cipher in which each letter of the alphabet is replaced by the letter that 
occurs three places down the alphabet, with the last three letters cycled back to the 
first three letters. If we write the ciphertext equivalent underneath the plaintext letter, 
the substitution alphabet for the Caesar cipher is given by 


Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ 
Ciphertext: DEFGHIJKLMNOPQRSTUVWXYZABC 
For example, the plaintext message 
CAESAR WAS GREAT 
is transformed into the ciphertext 
FDHVDU ZDV JUHDW 


The Caesar cipher can be described easily using congruence theory. Any plaintext 
is first expressed numerically by translating the characters of the text into digits by 
means of some correspondence such as the following: 


A B C D E F G H I J K L M 
00 OL O02 03 O04 O05 06 O7 O08 O9 10 I1 12 


N O P QRS TUVWX Y Z 
13 14 15 16 17 18 19 20 21 22 23 24 25 


If P is the digital equivalent of a plaintext letter and C is the digital equivalent of 
the corresponding ciphertext letter, then 


C = P +3 (mod 26) 


Thus, for instance, the letters of the message in Eq. (1) are converted to their equiv- 
alents: 


02 00 04 18 O00 17 22 OO 18 06 17 O04 OO 19 
Using the congruence C = P + 3 (mod 26), this becomes the ciphertext 
05 03 O7 21 03 20 25 03 21 09 20 O7 O03 22 
To recover the plaintext, the procedure is simply reversed by means of the congruence 
P=C-—-3=C+4+23 (mod 26) 


The Caesar cipher is very simple and, hence, extremely insecure. Caesar himself 
soon abandoned this scheme—not only because of its insecurity, but also because 
he did not trust Cicero, with whom he necessarily shared the secret of the cipher. 

An encryption scheme in which each letter of the original message is replaced 
by the same cipher substitute is known as a monoalphabetic cipher. Such crypto- 
graphic systems are extremely vulnerable to statistical methods of attack because 
they preserve the frequency, or relative commonness, of individual letters. In a 
polyalphabetic cipher, a plaintext letter has more than one ciphertext equivalent: the 
letter E, for instance, might be represented by J, Q, or X, depending on where it 
occurs in the message. 


INTRODUCTION TO CRYPTOGRAPHY 199 


General fascination with cryptography had its initial impetus with the short 
story The Gold Bug, published in 1843 by the American writer Edgar Allan Poe. 
It is a fictional tale of the use of a table of letter frequencies to decipher directions 
for finding Captain Kidd’s buried treasure. Poe fancied himself a cryptologist far 
beyond the ordinary. Writing for Alexander’s Weekly, a Philadelphia newspaper, he 
once issued a claim that he could solve “forthwith” any monoalphabetic substitution 
cipher sent in by readers. The challenge was taken up by one G. W. Kulp, who 
submitted a 43-word ciphertext in longhand. Poe showed in a subsequent column 
that the entry was not genuine, but rather a “jargon of random characters having no 
meaning whatsoever.” When Kulp’s cipher submission was finally decoded in 1975, 
the reason for the difficulty became clear; the submission contained a major error on 
Kulp’s part, along with 15 minor errors, which were most likely printer’s mistakes 
in reading Kulp’s longhand. 

The most famous example of a polyalphabetic cipher was published by the 
French cryptographer Blaise de Vigenére (1523-1596) in his Traicté de Chiffres 
of 1586. To implement this system, the communicating parties agree on an easily 
remembered word or phrase. With the standard alphabet numbered from A = 00 to 
Z = 25, the digital equivalent of the keyword is repeated as many times as nec- 
essary beneath that of the plaintext message. The message is then enciphered by 
adding, modulo 26, each plaintext number to the one immediately beneath it. The 
process may be illustrated with the keyword READY, whose numerical version 
is 1704 00 03 24. Repetitions of this sequence are arranged below the numerical 
plaintext of the message 


ATTACK AT ONCE 
to produce the array 


00 19 19 OO O02 10 00 19 14 13 02 04 
17 04 00 03 24 I7 04 00 03 24 17 04 


When the columns are added modulo 26, the plaintext message is encrypted as 
17 23 19 03 OO O1 04 19 17 11 19 08 
or, converted to letters, 
RXTDAB ET RLII 


Notice that a given letter of plaintext is represented by different letters in ciphertext. 
The double T in the word ATTACK no longer appears as a double letter when 
ciphered, while the ciphertext letter R first corresponds to A and then to O in the 
original message. 

In general, any sequence of n letters with numerical equivalents b,, b2,..., Dy 
(OO < 5; < 25) will serve as the keyword. The plaintext message is expressed as 
successive blocks P; P2--- P, of n two-digit integers P;, and then converted to 
ciphertext blocks C,C2 ---C, by means of the congruences 


Decryption 1s carried out by using the relations 
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A weakness in Vigenére’s approach is that once the length of the keyword has 
been determined, a coded message can be regarded as a number of separate mono- 
alphabetic ciphers, each subject to straightforward frequency analysis. A variant to 
the continued repetition of the keyword is what is called a running key, a random 
assignment of ciphertext letters to plaintext letters. A favorite procedure for generat- 
ing such keys is to use the text of a book, where both sender and recipient know the 
title of the book and the starting point of the appropriate lines. Because a running 
key cipher completely obscures the underlying structure of the original message, the 
system was long thought to be secure. But it does not, as Scientific American once 
claimed, produce ciphertext that is “impossible of translation.” 

A clever modification that Vigenére contrived for his polyalphabetic cipher is 
currently called the autokey (“automatic key’). This approach makes use of the 
plaintext message itself in constructing the encryption key. The idea is to start off 
the keyword with a short seed or primer (generally a single letter) followed by 
the plaintext, whose ending is truncated by the length of the seed. The autokey 
cipher enjoyed considerable popularity in the 16th and 17th centuries, since all it 
required of a legitimate pair of users was to remember the seed, which could easily be 
changed. 

Let us give a simple example of the method. 


Example 10.1. Assume that the message 
ONE IF BY DAWN 
is to be encrypted. Taking the letter K as the seed, the keyword becomes 


KONEIFB YDAW 


When both the plaintext and keyword are converted to numerical form, we obtain the 
array 


14 13 04 08 05 Ol 24 03 00 22 13 
10 14 13 04 08 05 Ol 24 03 OO 22 


Adding the integers in matching positions modulo 26 yields the ciphertext 
24 O1 17 12 13 06 25 01 03 22 09 
or, changing back to letters: 
YBR MN GZ BDWJ 
Decipherment is achieved by returning to the numerical form of both the plain- 
text and its ciphertext. Suppose that the plaintext has digital equivalents P; P2... P, 


and the ciphertext C,C ... C,,. If S indicates the seed, then the first plaintext number 
iS 


Py = Cy — S = 24 — 10 = 14 (mod 26) 
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Thus, the deciphering transformation becomes 
P, = Cy — Pe_1 (mod 26),2<k<n 
This recovers, for example, the integers 
P, = 01 — 14 = —13 = 13 (mod 26) 
P3 17 — 13 = 4 (mod 26) 


where, to maintain the two-digit format, the 4 is written 04. 

A way to ensure greater security in alphabetic substitution ciphers was devised 
in 1929 by Lester Hill, an assistant professor of mathematics at Hunter College. 
Briefly, Hill’s approach is to divide the plaintext message into blocks of n letters 
(possibly filling out the last block by adding “dummy” letters such as X’s), and then 
to encrypt block by block using a system of n linear congruences in n variables. 
In its simplest form, when n = 2, the procedure takes two successive letters and 
transforms their numerical equivalents P,P; into a block C,C2 of ciphertext 
numbers via the pair of congruences 


C, =aP, + bP» (mod 26) 
C> = cP, + d P> (mod 26) 


To permit decipherment, the four coefficients a,b, c,d must be selected so the 
gcd(ad — bc, 26) = 1. 


Example 10.2. To illustrate Hill’s cipher, let us use the congruences 
C; = 2P, + 3P>, (mod 26) 
Cp = 5P, + 8P) (mod 26) 


to encrypt the message BUY NOW. The first block BU of two letters is numerically 
equivalent to 01 20. This is replaced by 


2(01) + 3(20) = 62 = 10 (mod 26) 
5(01) + 8(20) = 165 = 09 (mod 26) 
Continuing two letters at a time, we find that the completed ciphertext is 
10 09 09 16 16 12 


which can be expressed alphabetically as KJJ QQM. 

Decipherment requires solving the original system of congruences for P; and P2 
in terms of C; and C. It follows from the proof of Theorem 4.9 that the plaintext block 
P, P, can be recovered from the ciphertext block C; C2 by means of the congruences 


P, = 8C, — 3C2 (mod 26) 
P —5C; + 2C2 (mod 26) 
For the block 10 09 of ciphertext, we calculate 
P, = 8(10) — 3(09) = 53 = 01 (mod 26) 
P, —5(10) + 2(09) = —32 = 20 (mod 26) 


which is the same as the letter-pair BU. The remaining plaintext can be restored in a 
similar manner. 
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An influential nonalphabetic cipher was devised by Gilbert S. Verman in 1917 
while he was employed by the American Telephone and Telegraph Company 
(AT&T). Verman was interested in safeguarding information sent by the newly de- 
veloped teletypewriter. At that time, wire messages were transmitted in the Baudot 
code, a code named after its French inventor J. M. E. Baudot. Baudot represented 
each letter of the alphabet by a five-element sequence of two symbols. If we take 
the two symbols to be 1 and 0, then the complete table is given by 


A = 11000 J = 11010 S = 10100 
B = 10011 K = 11110 T = 00001 
C = 01110 L = 01001 U = 11100 
D = 10010 M = 00111 V=0l1111 
E = 10000 N = 00110 W = 11001 
F = 10110 O = 00011 X = 10111 
G=01011 P = 01101 Y = 10101 
H = 00101 Q = 11101 Z = 10001 
I = 01100 R = 01010 
Any plaintext message such as 
ACT NOW 


would first be transformed into a sequence of binary digits: 
1100001 11000001001100001111001 


Verman’s innovation was to take as the encryption key an arbitrary sequence of 1’s 
and 0’s with length the same as that of the numerical plaintext. A typical key might 
appear as 


101001011100100010001111001011 


where the digits could be chosen by flipping a coin with heads as 1 and tails as 0. 
Finally, the ciphertext is formed by adding modulo 2 the digits in equivalent places 
in the two binary strings. The result in this instance becomes 


011001100100101011101111110010 


A crucial point is that the intended recipient must possess in advance the encryption 
key, for then the numerical plaintext can be reconstructed by merely adding modulo 
2 corresponding digits of the encryption key and ciphertext. 

In the early applications of Verman’s telegraph cipher, the keys were written on 
numbered sheets of paper and then bound into pads held by both correspondents. A 
sheet was torn out and destroyed after its key had been used just once. For this reason, 
the Verman enciphering procedure soon became known as the one-time system 
or one-time pad. The cryptographic strength of Verman’s method of enciphering 
resided in the possibly extreme length of the encryption key and the absence of any 
pattern within its entries. This assured security that was attractive to the military or 
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diplomatic services of many countries. In 1963, for instance, a teleprinter hot line 
was established between Washington and Moscow using a one-time tape. 

In conventional cryptographic systems, such as Caesar’s cipher, the sender and 
receiver jointly have a secret key. The sender uses the key to encrypt the plaintext 
to be sent, and the receiver uses the same key to decrypt the ciphertext obtained. 
Public-key cryptography differs from conventional cryptography in that it uses two 
keys, an encryption key and a decryption key. Although the two keys effect inverse 
operations and are therefore related, there is no easily computed method of deriving 
the decryption key from the encryption key. Thus, the encryption key can be made 
public without compromising the decryption key; each user can encrypt messages, 
but only the intended recipient (whose decryption key is kept secret) can decipher 
them. A major advantage of a public-key cryptosystem is that it is unnecessary for 
senders and receivers to exchange a key in advance of their decision to communicate 
with each other. 

In 1977, R. Rivest, A. Shamir, and L. Adleman proposed a public-key crypto- 
system that uses only elementary ideas from number theory. Their enciphering sys- 
tem is called RSA, after the initials of the algorithm’s inventors. Its security depends 
on the assumption that in the current state of computer technology, the factorization 
of composite numbers with large prime factors is prohibitively time-consuming. 

Each user of the RSA system chooses a pair of distinct primes, p and q, large 
enough that the factorization of their product n = pq, called the enciphering modu- 
lus, is beyond all current computational capabilities. For instance, one might pick p 
and q with 200 digits each, so that n has roughly 400 digits. Having selected n, the 
user then chooses a random positive integer k, the enciphering exponent, satisfying 
gcd(k , d(n)) = 1. The pair (n, k) is placed in a public file, analogous to a telephone 
directory, as the user’s personal encryption key. This allows anyone else in the com- 
munication network to encrypt and send a message to that individual. Notice that 
whereas 7 is openly revealed, the listed public key does not mention the factors p 
and g of n. 

The encryption process begins with the conversion of the message to be sent 
into an integer M by means of a “digital alphabet” in which each letter, number, or 
punctuation mark of the plaintext is replaced by a two-digit integer. One standard 
procedure is to use the following assignment: 


A —00 K = 10 U = 20 1 = 30 
B—01 Li V=21 7231 
C=02 M = 12 W =22 eee) 
D=03 N= 13 X = 23 4 = 33 
E-04 O=14 Y=24 5 = 34 
F-—05 P—15 Z — 25 6 = 35 
G = 06 Q=16 = 26 7 = 36 
H =07 R=17 a7 8 — 37 
I= 08 S=18 ?= 28 9 — 38 
J—09 T= 19 0 = 29 | — 39 
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with 99 indicating a space between words. In this scheme, the message 
The brown fox is quick 
is transformed into the numerical string 
M = 1907049901171422139905 142399081899 162008021027 


It is assumed that the plaintext number M < n, where n is the enciphering modulus. 
Otherwise it would be impossible to distinguish M from any larger integer congruent 
toit modulon. When the message is too long to be handled as asingle number M < n, 
then M is broken up into blocks of digits M,, M2, ..., M, of the appropriate size. 
Each block is encrypted separately. 

Looking up the intended recipient’s encryption key (n, k) in the public directory, 
the sender disguises the plaintext number M as a ciphertext number r by raising M 
to the kth power and then reducing the result modulo n; that is, 


M* =r (mod n) 


A 200-character message can be encrypted in seconds on a high-speed computer. 
Recall that the public enciphering exponent k was originally selected so that 
gcd(k , d(n)) = 1. Although there are many suitable choices for k, an obvious sug- 
gestion is to pick k to be any prime larger than both p and q. 

At the other end, the authorized recipient deciphers the transmitted information 
by first determining the integer j, the secret recovery exponent, for which 


kj = 1 (mod ¢(n)) 


Because gcd(k , é(n)) = 1, this linear congruence has a unique solution modulo 
o(n). In fact, the Euclidean algorithm produces j as a solution x to the equation 


kx + b(n)y = 1 


The recovery exponent can only be calculated by someone who knows both k and 
b(n) = (p — 1)(q — 1) and, hence, knows the prime factors p and gq of n. Thus, j 
is secure from an illegitimate third party whose knowledge is limited to the public 
key (n, k). 

Matters have been arranged so that the recipient can now retrieve M from r 
by simply calculating r/ modulo n. Because kj = 1 + ¢(n)t for some integer f, it 
follows that 


ri = (M*)i — M!1tem)t 
= M(M?™) = M-1' = M (modn) 


whenever gcd(M ,n) = 1. In other words, raising the ciphertext number to the jth 
power and reducing it modulo vn recovers the original plaintext number M. 

The assumption that gcd(M ,n) = 1 was made to use Euler’s theorem. In the 
unlikely event that M and n are not relatively prime, a similar argument establishes 
thatr’ = M (mod p)andr/ = M (mod q), which then yields the desired congruence 
r/ = M (mod n). We omit the details. 

The major advantage of this ingenious procedure is that the encryption of a 
message does not require the knowledge of the two primes p and gq, but only their 
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product n; there is no need for anyone other than the receiver of the message ever to 
know the prime factors critical to the decryption process. 


Example 10.3. For the reader to gain familiarity with the RSA public-key algorithm, 
let us work an example in detail. We first select two primes 


p=29 G= 53 


of an unrealistically small size, to get an easy-to-handle illustration. In practice, p and 
q would be large enough so that the factorization of the nonsecret n = pq is not fea- 
sible. Our enciphering modulus is n = 29 - 53 = 1537 and ¢(n) = 28 - 52 = 1456. 
Because gcd(47, 1456) = 1, we may choose k = 47 to be the enciphering expo- 
nent. Then the recovery exponent, the unique integer j satisfying the congruence 
kj = 1 (mod ¢(n)), is 7 = 31. To encrypt the message 


NO WAY 


first translate each letter into its digital equivalent using the substitution mentioned 
earlier; this yields the plaintext number 


M = 131499220024 


We want each plaintext block to be an integer less than 1537. Given this restriction, 
it seems reasonable to split M into blocks of three digits each. The first block, 131, 
encrypts as the ciphertext number 


1314’ = 570 (mod 1537) 


These are the first digits of the secret transmission. At the other end, knowing that the 
recovery exponent is j = 31, the authorized recipient begins to recover the plaintext 
number by computing 


570°! = 131 (mod 1537) 


The total ciphertext of our message is 


0570 1222 0708 1341 

For the RSA cryptosystem to be secure it must not be computationally feasible 
to recover the plaintext M from the information assumed to be known to a third 
party, namely, the listed public-key (n, k). The direct method of attack would be 
to attempt to factor n, an integer of huge magnitude; for once the factors are deter- 
mined, the recovery exponent j can be calculated from ¢(n) = (p — 1)(q — 1)andk. 
Our confidence in the RSA system rests on what is known as the work factor, the 
expected amount of computer time needed to factor the product of two large primes. 
Factoring is computationally more difficult than distinguishing between primes and 
composites. On today’s fastest computers, a 200-digit number can routinely be tested 
for primality in less than 20 seconds, whereas the running time required to factor 
a composite number of the same size is prohibitive. It has been estimated that the 
quickest factoring algorithm known can use approximately (1.2)107° computer oper- 
ations to resolve an integer with 200 digits into its prime factors; assuming that each 
operation takes 1 nanosecond (10~? seconds), the factorization time would be about 
(3.8)10° years. Given unlimited computing time and some unimaginably efficient 
factoring algorithm, the RSA cryptosystem could be broken, but for the present it 
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appears to be quite safe. All we need do is choose larger primes p and gq for the 
enciphering moduli, always staying ahead of the current state of the art in factoring 
integers. 

A greater threat is posed by the use of widely distributed networks of computers, 
working simultaneously on pieces of data necessary for a factorization and commu- 
nicating their results to a central site. This is seen in the factoring of RSA-129, one 
of the most famous problems in cryptography. 

To demonstrate that their cryptosystem could withstand any attack on its security, 
the three inventors submitted a ciphertext message to Scientific American, with an 
offer of $100 to anyone who could decode it. The message depended on a 129-digit 
enciphering modulus that was the product of two primes of approximately the same 
length. This large number acquired the name RSA-129. Taking into account the 
most powerful factoring methods and fastest computers available at the time, it 
was estimated that at least 40 quadrillion years would be required to break down 
RSA-129 and decipher the message. However, by devoting enough computing power 
to the task the factorization was realized in 1994. A worldwide network of some 
600 volunteers participated in the project, running more than 1600 computers over 
an 8-month period. What seemed utterly beyond reach in 1977 was accomplished a 
mere 17 years later. The plaintext message is the sentence 


“The magic words are squeamish ossifrage.” 


(An ossifrage, by the way, is a kind of hawk.) 

Drawn up in 1991, the 42 numbers in the RSA Challenge List serve as something 
of a test for recent advances in factorization methods. The latest factoring success 
showed that the 174-digit number (576 binary digits) RSA-576 could be written as 
the product of two primes having 87 digits each. 


PROBLEMS 10.1 
1. Encrypt the message RETURN HOME using the Caesar cipher. 
2. If the Caesar cipher produced KDSSB ELUWKGDB, what is the plaintext message? 
3. (a) A linear cipher is defined by the congruence C = aP + b (mod 26), where a and b are 
integers with gcd(a , 26) = 1. Show that the corresponding decrypting congruence 
is P =a’(C — b) (mod 26), where the integer a’ satisfies aa’ = 1 (mod 26). 
(b) Using the linear cipher C =5P +11 (mod 26), encrypt the message NUMBER 
THEORY IS EASY. 
(c) Decrypt the message RXQTGU HOZTKGH FJ KTMMTG, which was produced using 
the linear cipher C = 3P + 7 (mod 26). 
4. In a lengthy ciphertext message, sent using a linear cipher C = aP + b (mod 26), the 
most frequently occurring letter is Q and the second most frequent is J. 
(a) Break the cipher by determining the values of a and b. 
[Hint: The most often used letter in English text is E, followed by T.] 
(b) Write out the plaintext for the intercepted message WCPQ JZQO MX. 
5. (a) Encipher the message HAVE A NICE TRIP using a Vigenére cipher with the keyword 
MATH. 
(b) The ciphertext BS FMX KFSGR JAPWL is known to have resulted from a Vigenére 
cipher whose keyword is YES. Obtain the deciphering congruences and read the 
message. 


10. 


11. 


12. 


13. 
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. (a) Encipher the message HAPPY DAYS ARE HERE using the autokey cipher with 


seed Q. 
(b) Decipher the message BBOT XWBZ AWUVGK, which was produced by the autokey 
cipher with seed RX. 


. (a) Use the Hill cipher 


C; 5P; + 2P> (mod 26) 


Cy = 3P, + 4P, (mod 26) 


to encipher the message GIVE THEM TIME. 
(b) The ciphertext ALXWU VADCOJO has been enciphered with the cipher 


C,; = 4P, + 11P) (mod 26) 


C2 3P; + 8P2 (mod 26) 


Derive the plaintext. 


. A long string of ciphertext resulting from a Hill cipher 


C; aP, + bP» (mod 26) 


Cy = cP, +dP> (mod 26) 


revealed that the most frequently occurring two-letter blocks were HO and PP, in that 
order. 
(a) Find the values of a, b, c, and d. 
[Hint: The most common two-letter blocks in the English language are TH, followed 
by HE.| 
(b) What is the plaintext for the intercepted message PPIH HOG RAPVT? 


. Suppose that the message GO SOX is to be enciphered using Verman’s telegraph cipher. 


(a) Express the message in Baudot code. 
(b) If the enciphering key is 


0111010111101010100110010 


obtain the alphabetic form of the ciphertext. 
A plaintext message expressed in Baudot code has been converted by the Verman cipher 
into the string 


110001110000111010100101111111 
If it is known that the key used for encipherment was 


011101011001011110001001101010 


recover the message in its alphabetic form. 
Ifn = pq = 274279 and o(n) = 272376, find the primes p and q. 
[Hint: Note that 


ptq=n—-do(n)t+l 
p—q=((p+q)y —4n]'”,] 


When the RSA algorithm is based on the key (n, k) = (3233, 37), what is the recovery 
exponent for the cryptosystem? 

Encrypt the plaintext message GOLD MEDAL using the RSA algorithm with key (n, k) = 
(2419, 3). 
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14. The ciphertext message produced by the RSA algorithim with key (n, k) = (1643, 223) 
iS 


0833 0823 1130 0055 0329 1099 


Determine the original plaintext message. 
[Hint: The recovery exponent is 7 = 7.] 
15. Decrypt the ciphertext 


1369 1436 0119 0385 0434 1580 0690 


that was encrypted using the RSA algorithm with key (n, k) = (2419, 211). 
[Hint: The recovery exponent is 11. Note that it may be necessary to fill out a plaintext 
block by adding zeros on the left.] 


10.2 THE KNAPSACK CRYPTOSYSTEM 


A public-key cryptosystem also can be based on the classic problem in combinatorics 
known as the knapsack problem, or the subset sum problem. This problem may be 
stated as follows: Given a knapsack of volume V and n items of various volumes 
a1, Q2,.--, Qn, can a subset of these items be found that will completely fill the 
knapsack? There is an alternative formulation: For positive integers a1, a2, ..., Qn 
and a sum V, solve the equation 


V =ayxno + QoX2 +--+ + a,x), 


where x; = Oor 1 fori = 1,2,...,n. 

There might be no solution, or more than one solution, to the problem, depending 
on the choice of the sequence a), a2,..., da, and the integer V. For instance, the 
knapsack problem 


22 = 3x, + 7x2 + 9x3 + 11x4 + 20x5 
is not solvable; but 
27 = 3x, + 7x. + 9x3 4+ I1x4 + 20x5 
has two distinct solutions, namely 
Sig == 1 p= %5. = 0 
and 
= x5 = | SS ae a S30 


Finding a solution to a randomly chosen knapsack problem is notoriously dif- 
ficult. None of the known methods for attacking the problem are substantially less 
time-consuming than is conducting an exhaustive direct search, that is, by testing 


all the 2” possibilities for x,, x2, ..., X,. This is computationally impracticable for 
n greater than 100, or so. 
However, if the sequence of integers a1, a2, ... , d, happens to have some special 


properties, the knapsack problem becomes much easier to solve. We call a sequence 
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Q1,42,..., A, Superincreasing when each q; 1s larger than the sum of all the preceding 
ones; that is, 


aj >atat+-:-:-+ajy_] i — ee Pree 2) 


A simple illustration of a superincreasing sequence is 1, 2, 4, 8,..., 2”, where 
2 >2)'-1=14+2+4+4+4.---+2'—|. For the corresponding knapsack problem, 


VS hy 2h te Ag Fe 2, Viper} 


the unknowns x; are just the digits in the binary expansion of V. 
Knapsack problems based on superincreasing sequences are uniquely solvable 
whenever they are solvable at all, as our next example shows. 


Example 10.4. Let us solve the superincreasing knapsack problem 
28 = 3x; + 5x2 + 11x3 + 20x4 + 41x5 


We start with the largest coefficient in this equation, namely 41. Because 41 > 28, it 
cannot be part of our subset sum; hence x5 = 0. The next-largest coefficient is 20, with 
20 < 28. Now the sum of the preceding coefficients is 3 + 5+ 11 < 28, so that these 
cannot fill the knapsack; therefore 20 must be included in the sum, and so x4 = 1. 
Knowing the values of x4 and xs, the original problem may be rewritten as 


8 = 3x, + 5x. 4+ 11x 


A repetition of our earlier reasoning now determines whether 11 should be in our 
knapsack sum. In fact, the inequality 11 > 8 forces us to take x3 = 0. To clinch matters, 
we are reduced to solving the equation 8 = 3x, + 5x2, which has the obvious solution 
x; = X2 = 1. This identifies a subset of 3, 5, 11, 20, 41 having the desired sum: 


28 =3+5+4 20 


It is not difficult to see how the procedure described in Example 10.4 operates, 
in general. Suppose that we wish to solve the knapsack problem 


V = ajx1 + 2X2 + +++ + anXky, 


where a, a2, ..., A, iS a Superincreasing sequence of integers. Assume that V can 
be obtained by using some subset of the sequence, so that V is not larger than the 
sum a; + a2 +----+a,. Working from right to left in our sequence, we begin by 
letting x, = 1lif V >a, and x, = Oif V <a,. Then obtain x,_1, x,_2,..., xX}, in 
turn, by choosing 


if V — (Qi41Xi41 a sake als AnXn) = aj 
xj = 
0 if V — (Qj41Xi41 ee oe AnXn) < Gj 


With this algorithm, knapsack problems using superincreasing sequences can be 
solved quite readily. 

A public-key cryptosystem based on the knapsack problem was devised by 
R. Merkle and M. Hellman in 1978. It works as follows. A typical user of the system 
starts by choosing a superincreasing sequence aj, a2, ..., a,. Now Select a modulus 
m > 2a, and a multiplier a, with O < a < m and gcd(a, m) = 1. This ensures that 
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the congruence ax = 1 (mod m) has a unique solution, say, x = c (mod m). Finally, 
form the sequence of integers b,, b2,..., b, defined by 


b; = aa; (mod m) ea es See 


where 0 < b; < m. Carrying out this last transformation generally destroys the 
superincreasing property enjoyed by the q;. 
The user keeps secret the original sequence a, a2,..., d,, and the numbers m 
and a, but publishes b,, b,..., b, in a public directory. Anyone wishing to send a 
message to the user employs the publicly available sequence as the encryption key. 
The sender begins by converting the plaintext message into a string M of 0’s 
and 1’s using the binary equivalent of letters: 


Letter Binary equivalent Letter Binary equivalent 


A 00000 N 01101 
B 00001 O 01110 
C 00010 P 01111 
D 00011 Q 10000 
E 00100 R 10001 
F 00101 S 10010 
G 00110 T 10011 
H 00111 U 10100 
J 01000 Vv 10101 
J 01001 W 10110 
K 01010 x 10111 
L 01011 Y 11000 
M 01100 Z 11001 
For example, the message 
First Place 


would be converted into the numerical representation 


M =00101 01000 10001 10010 10011 O1111 01011 QOQ0000 
00010 00100 


The string is then split into blocks of n binary digits, with the last block being filled 
out with 1’s at the end, if necessary. The public encrypting sequence b,, bo, ..., b, 
is next used to transform a given plaintext block, say x;x2---x,, into the sum 


S = dix, + boxg + +++ + DnXn 


The number S is the hidden information that the sender transmits over a communi- 
cation channel, which is presumed to be insecure. 

Notice that because each x; is either 0 or 1, the problem of recreating the plaintext 
block from S is equivalent to solving an apparently difficult knapsack problem 
(“difficult” because the sequence b,, b2, ..., b, is not necessarily superincreasing). 
On first impression, the intended recipient and any eavesdropper are faced with the 
same task. However, with the aid of the private decryption key, the recipient can 
change the difficult knapsack problem into an easy one. No one without the private 
key can make this change. 
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Knowing c and m, the recipient computes 
S’ = cS (mod m) O0<S'<m 
or, expanding this, 
S’ = chix, + chox. +---+cb,x, (mod m) 


Caa,x, + Caa2Xx2 + +--+ caa,x, (mod m) 


Now ca = 1 (mod m), so that the previous congruence becomes 
S’ = ayx; + anx2 +--+ + a,x, (mod m) 


Because m was initially chosen to satisfy m > 2a, > a; + a2 +---+ d,, we obtain 
A,X, + A2X2 +--+ +An,Xn, < mz. In light of the condition 0 < S’ < m, the equality 
S = ax + AgxX2 + +++ + AnXy 
must hold. The solution to this superincreasing knapsack problem furnishes the 
solution to the difficult problem, and the plaintext block x,x2---x, of n digits is 

thereby recovered from S. 
To help make the technique clearer, we consider a small-scale example with 
— wy 


Example 10.5. Suppose that a typical user of this cryptosystem selects as a secret key 
the superincreasing sequence 3, 5, 11, 20, 41, the modulus m = 85, and the multiplier 
a = 44. Each member of the superincreasing sequence is multiplied by 44 and reduced 
modulo 85 to yield 47, 50, 59, 30, 19. This is the encryption key that the user submits 
to the public directory. 

Someone who wants to send a plaintext message to the user, such as 


HELP US 
first converts it into the following string of 0’s and 1’s: 
M=00111 00100 01011 01111 10100 10010 


The string is then broken up into blocks of digits, in the current case blocks of length 
5. Using the listed public key to encrypt, the sender transforms the successive blocks 
into 

108 = 47-04 50-0+4+59-1+30-1+419- 


59 = 47-0+50-0+59-1+30-04 19. 
99 = 47-04 50-14+59-0+4+30-1+ 19. 
158 = 47-04+50-1459-1430-1+4+19- 
106 = 47-14+50-04+59-1+430-0+4 19. 
77 = 47-1+4+50-0+59-0+30-1+4+19-0 
The transmitted ciphertext consists of the sequence of positive integers 
108 59 99 158 106 77 


oOo - - oO - 


To read the message, the legitimate receiver first solves the congruence 44x = 1 
(mod 85), yielding x = 29 (mod 85). Then each ciphertext number is multiplied by 29 
and reduced modulo 85, to produce a superincreasing knapsack problem. For instance, 
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108 is converted to 72, because 108 - 29 =72 (mod 85); and the corresponding 
knapsack problem is 


72 = 3x; + 5x2 + 11x3 + 20x4 + 41x5 


The procedure for handling superincreasing knapsack problems quickly produces the 
solution x; = x2 = 0,x3 = x4 = x5 = 1. Inthis way, the first block 00111 of the binary 
equivalent of the plaintext is recovered. 


The Merkle-Hellman cryptosystem aroused a great deal of interest when it was 
first proposed, because it was based on a provably difficult problem. However, in 
1982 A. Shamir invented a reasonably fast algorithm for solving knapsack problems 
that involved sequences bj, b2,...,b,, where b; = aa; (mod m) and aj, a2, ..., Ay 
iS superincreasing. The weakness of the system is that the public encryption key 
bi, b2,..., 6, is too special; multiplying by a and reducing modulo m does not 
completely disguise the sequence a1, a2, ..., d,. The system can be made somewhat 
more secure by iterating the modular multiplication method with different values of a 
and m, so that the public and private sequences differ by several transformations. But 
even this construction was successfully broken in 1985. Although most variations 
of the Merkle-Hellman scheme have been shown to be insecure, there are a few that 
have, so far, resisted attack. 


PROBLEMS 10.2 


1. Obtain all solutions of the knapsack problem 
21 = 2x; + 3x2 + 5x3 + 7x4 + 9x5 4+ 11x¢ 


2. Determine which of the sequences below are superincreasing: 

(a) 3, 13, 20, 37, 81. 
(b) 5, 13, 25, 42, 90. 
(c) 7,27, 47, 97, 197, 397. 

3. Find the unique solution of each of the following superincreasing knapsack problems: 
(a) 118 = 4x, + 5x. + 10x3 + 20x4 + 41x5 + 99x¢. 

(b) 51 = 3x, + 5x0 + 9x3 + 18x4 + 37xs. 
(c) 54 = x; + 2x2 + 5x3 + 9x4 4+ 18x5 + 40X6. 

4. Consider a sequence of positive integers a), d2,...,@,, where aj;,,; > 2a; fori = 1, 
2,...,m — 1. Show that the sequence is superincreasing. 

5. Auserofthe knapsack cryptosystem has the sequence 49, 32, 30, 43 as alisted encryption 
key. If the user’s private key involves the modulus m = 50 and multiplier a = 33, 
determine the secret superincreasing sequence. 

6. The ciphertext message produced by the knapsack cryptosystem employing the super- 
increasing sequence 1, 3, 5, 11, 35, modulus m = 73, and multiplier a = 5 is 55, 15, 
124, 109, 25, 34. Obtain the plaintext message. 

[Hint: Note that 5 -44 = 1] (mod 73).] 

7. A.user of the knapsack cryptosystem has a private key consisting of the superincreasing 

sequence 2, 3, 7, 13, 27, modulus m = 60, and multiplier a = 7. 
(a) Find the user’s listed public key. 
(b) With the aid of the public key, encrypt the message SEND MONEY. 
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10.3 AN APPLICATION OF PRIMITIVE 
ROOTS TO CRYPTOGRAPHY 


Most modern cryptographic schemes rely on the presumed difficulty of solving some 
particular number theoretic problem within a reasonable length of time. For instance, 
the security underlying the widely used RSA cryptosystem discussed in Section 
10.1 is the sheer effort required to factor large numbers. In 1985, Taher ElGamal 
introduced a method of encrypting messages based on a version of the so-called 
discrete logarithm problem: that is, the problem of finding the power 0 < x < ¢(n), 
if it exists, which satisfies the congruence r* = y (modn) for given r, y, and n. 
The exponent x is said to be discrete logarithm of y to the base r, modulo n. The 
advantage of requiring that the base r be a primitive root of prime number zn is the 
assurance that y will always have a well-defined discrete logarithm. The logarithm 
could be found by exhaustive search; that is, by calculating the successive powers of 
r until y = r* (modzn) is reached. Of course, this would generally not be practical 
for a large modulus n of several hundred digits. 

Example 8.4 indicates that, say, the discrete logarithm of 7 to the base 2 modulo 
13 is 11; expressed otherwise, 11 is the smallest positive integer x for which 2* = 
7 (mod 13). In that example, we used the classical notation 11 = ind27 (mod 13) 
and spoke of 11 as being the index of 7, rather than employing the more current 
terminology. 

The ElGamal cryptosystem, like the RSA system, requires that each user possess 
both a public and a private (secret) key. The means needed to transmit a ciphered 
message between parties is announced openly, even published in a directory. How- 
ever, deciphering can be done only by the intended recipient using a private key. 
Because knowledge of the public key and the method of encipherment is not suffi- 
cient to discover the other key, confidential information can be communicated over 
an insecure channel. 

A typical user of this system begins by selecting a prime number p along with 
one of its primitive roots r. Then an integer k, where 2 < k < p — 2, is randomly 
chosen to serve as the secret key; thereafter, 


a=r*(mod p) 0<a<p-1 


is calculated. The triple of integers (p, r, a) becomes the person’s public key, made 
available to all others for cryptographic purposes. The value of the exponent k 
is never revealed. For an unauthorized party to discover k would entail solving a 
discrete logarithm problem that would be nearly intractable for large values of a 
and p. 

Before looking at the enciphering procedure, we illustrate the selection of the 
public key. 


Example 10.6. Suppose that an individual begins by picking the prime p = 113 and 
its smallest primitive root r = 3. The choice k = 37 is then made for the integer 
satisfying 2 < k < 111. It remains to calculate a = 3°’ (mod 113). The exponenti- 
ation can be readily accomplished by the technique of repeated squaring, reducing 
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modulo 113 at each step: 
3! = 3 (mod 113) 38 = 7 (mod 113) 
3* = 9 (mod 113) 3!6 = 49 (mod 113) 
3+ = 81 (mod 113) 33? = 28 (mod 113) 
and so 
a= 3?’ =3!.34.3° =3-81-28 = 6304 =24 (mod 113) 


The triple (113, 3, 24) serves as the public key, while the integer 37 becomes the secret 
deciphering key. 


Here is how ElGamal encryption works. Assume that a message is to be sent 
to someone who has public key (p, r, a) and also the corresponding private key k. 
The transmission 1s a string of integers smaller than p. Thus, the literal message is 
first converted to its numerical equivalent M by some standard convention such as 
letting a= 00,b=01,...,z = 25. If M => p, then M is split into successive blocks, 
each block containing the same (even) number of digits. It may be necessary to add 
extra digits (say, 25 = z), to fill out the final block. 

The blocks of digits are encrypted separately. If B denotes the first block, then 
the sender—who is aware of the recipient’s public key—arbitrarily selects an integer 
2< Jj < p—2 and computes two values: 


C, =r/ (mod p) and C,= Ba! (mod p), 0<C),C.<p-—1 


The numerical ciphertext associated with the block B is the pair of integers (C), C2). 
It is possible, in case greater security is needed, for the choice of j to be changed 
from block to block. 

The recipient of the ciphertext can recover the block B by using the secret 


key k. All that needs to be done is to evaluate Cy aes (mod p) and then P = 
C,C?-'* (mod p); for 


P= CC? | * =(Ba/\ri) 
= B(r*)! (riP-D-Jky 
= B(rP-1y! 
= B (mod p) 


p—1—-k 


where the final congruence results from the Fermat identity r?~! = 1 (mod p). The 
main point is that the decryption can be carried out by someone who knows the value 
of k. 

Let us work through the steps of the encryption algorithm, using a reasonably 
small prime number for simplicity. 


Example 10.7. Assume that the user wishes to deliver the message 
SELL NOW 


to a person who has the secret key k = 15 and public encryption key (p,7r,a) = 
(43, 3,22), where 22 = 3'° (mod 43). The literal plaintext is first converted to the 
string of digits 

M = 18041111131422 
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To create the ciphertext, the sender selects an integer j satisfying 2 < j < 41, perhaps 
j = 23, and then calculates 

ri = 3°? = 34 (mod 43) and a/ = 22” =32(mod 43) 
Thereafter, the product a/ B = 32B (mod 43) is computed for each two-digit block B 
of M. The initial block, for instance, is encrypted as 32.18 = 17 (mod 43). The entered 
digital message M is transformed in this way into a new string 

M' = 17420808291816 

The ciphertext that goes forward takes the form 

(34, 17) G4, 42) (34, 08) (34, 08) (34, 29) (34, 18) (34, 16) 
On the arrival of the message, the recipient uses the secret key to obtain 

(rij? = 3427 = 39 (mod 43) 

Each second entry in the ciphertext pairs is decrypted on multiplication by this last 


value. The first letter, S, in the sender’s original message would be recovered from the 
congruence 18 = 39 - 17 (mod 43), and so on. 


An important aspect of a cryptosystem should be its ability to confirm the 
integrity of a message; because everyone knows how to send a message, the recipient 
must be sure that the encryption was really issued by an authorized person. The usual 
method of protecting against possible third-party forgeries is for the person sending 
the message to have a digital “signature,” the electronic analog of a handwritten 
signature. It should be difficult to tamper with the digital signature, but its authenticity 
should be easy to recognize. Unlike a handwritten signature, it should be possible 
to vary a digital signature from one communication to another. 

A feature of the ElGamal cryptosystem is an efficient procedure for authenti- 
cating messages. Consider a user of the system who has public key (p, r, a), private 
key k, and encrypted message M. The first step toward supplying a signature is to 
choose an integer 1 < j < p—1 where gcd (j , p — 1) = 1. Taking a piece of the 
plaintext message /—for instance, the first block B—the user next computes 

c=r/(mod p), O<j<p-1 
and then obtains a solution of the linear congruence 
jd+kc=B(modp-1), O<d<p-2 
The solution d can be found using the Euclidean algorithm. The pair of integers 
(c,d) is the required digital signature appended to the message. It can be created 
only by someone aware of the private key k, the random integer j, and the message 
M. 
The recipient uses the sender’s public key (p,r,a) to confirm the purported 
signature. It is simply a matter of calculating the two values 
V, =a‘c’ (mod p), V2=r® (mod p), O<Vi,V2< p—1 
The signature is accepted as legitimate when V; = Vp». That this equality should 
take place follows from the congruence 
V7, = ac? = (r*)*(r/)? 
_ pket jd 


=" = V2 (mod P) 
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Notice that the personal identification does not require the recipient to know the 
sender’s private key k. 


Example 10.8. The person having public key (43, 3, 22) and private key k = 15 wants 
to sign and reply to the message SELL NOW. This is carried out by first choosing an 
integer 0 < j < 42 with gcd(j , 42) = 1, say 7 = 25. If the first block of the encoded 
reply is B = 13, then the person calculates 


c = 3” =5 (mod 43) 
and thereafter solves the congruence 
25d = 13—5- 15 (mod 42) 


for the value d = 16 (mod 42). The digital signature attached to the reply consists of 
the pair (5, 16). On its arrival, the signature is confirmed by checking the equality of 
the integers V; and V3: 


V, = 225 . 5!6 = 39 - 40 = 12 (mod 43) 
V> = 3!3 = 12 (mod 43) 


PROBLEMS 10.3 


1. The message REPLY TODAY is to be encrypted in the ElGamal cryptosystem and 
forwarded to a user with public key (47, 5, 10) and private key k = 19. 
(a) If the random integer chosen for encryption is 7 = 13, determine the ciphertext. 
(b) Indicate how the ciphertext can be decrypted using the recipient’s private key. 

2. Suppose that the following ciphertext is received by a person having ElGamal public 
key (71, 7, 32) and private key k = 30: 


(56,45) (56,38) (56,29) (56,03) (56, 67) 
(56,05) (56,27) (56,31) (56,38) (56, 29) 


Obtain the plaintext message. 

3. The message NOT NOW (numerically 131419131422) is to be sent to a user of the 
ElGamal system who has public key (37, 2, 18) and private key k = 17. If the integer 
j used to construct the ciphertext is changed over successive four-digit blocks from 
j = 13 to j = 28 to j = 11, what is the encrypted message produced? 

4. Assume that a person has ElGamal public key (2633, 3, 1138) and private key k = 965. 
If the person selects the random interger 7 = 583 to encrypt the message BEWARE OF 
THEM, obtain the resulting ciphertext. 

[Hint: 3°83 = 1424 (mod 2633), 1138°°3 = 97 (mod 2633).] 

5. (a) Aperson with public key (31, 2, 22) and private key k = 17 wishes to sign a message 
whose first plaintext block is B = 14. If 13 is the integer chosen to construct the 
signature, obtain the signature produced by the El]Gamal algorithm. 

(b) Confirm the validity of this signature. 


CHAPTER 
NUMBERS OF SPECIAL FORM 


In most sciences one generation tears down what another has built and what 
one has established another undoes. In Mathematics alone each generation 
builds a new story to the old structure. 

HERMANN HANKEL 


11.1 MARIN MERSENNE 


The earliest instance we know of a regular gathering of mathematicians is the group 
held together by an unlikely figure—the French priest Father Marin Mersenne (1588- 
1648). The son of a modest farmer, Mersenne received a thorough education at 
the Jesuit College of La Fléche. In 1611, after two years studying theology at the 
Sorbonne, he joined the recently founded Franciscan Order of Minims. Mersenne 
entered the Minim Convent in Paris in 1619 where, except for short trips, he remained 
for the rest of his life. 

Mersenne lamented the absence of any sort of formal organization to which 
scholars might resort. He responded to this need by making his own rooms at the 
Minim convent available as a meeting place for those drawn together by common 
interests, eager to discuss their respective discoveries and hear of similar activity 
elsewhere. The learned circle he fostered—composed mainly of Parisian mathemati- 
cians and scientists but augmented by colleagues passing through the city—seems to 
have met almost continuously from 1635 until Mersenne’s death in 1648. At one of 
these meetings the precocious 14-year-old Blaise Pascal distributed his handbill 
Essay pour les coniques containing his famous “mystic hexagram” theorem; 
Descartes could only grumble that he could not “pretend to be interested in the 
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work of a boy.” After Mersenne’s death, the august sessions continued to be held 
at private homes in and around Paris, including Pascal’s. It is customary to regard 
the Académie Royale des Sciences, chartered in 1666, as the more or less direct 
successor of these informal gatherings. 

From 1625 onwards, Mersenne made it his business to become acquainted with 
everyone of note in the European intellectual world. He carried out this plan through 
an elaborate network of correspondence which lasted over 20 years. In essence 
he became an individual clearinghouse of mathematical and scientific information, 
trading news of current advances in return for more news. It was Mersenne who, 
following a 1645 visit to Torricelli in Italy, made widely known that the physicist’s 
demonstration of atmospheric pressure through the rising of a column of mercury 
in a vacuum tube. Mersenne’s communications, dispersed over the Continent by 
passing from hand to hand, were the vital link between isolated members of the 
emerging scientific community at a time when the publication of learned journals 
still lay in the future. 

After Mersenne’s death letters from 78 correspondents scattered over Western 
Europe were found in his Parisian quarters. Among his correspondents were Huygens 
in Holland, Torricelli and Galileo in Italy, Pell and Hobbes in England, and the 
Pascals, father and son, in France. He had also served as the main channel of commu- 
nication between the French number theorists Fermat, Frénicle and Descartes; their 
exchanged letters determined the sorts of problems these three chose to investigate. 

Mersenne was not himself a serious contributor to the subject, rather a remark- 
able interested person prodding others with questions and conjectures. His own 
queries tended to be rooted in the classical Greek concern with divisibility. For 
instance, in a letter written in 1643, he sent the number 100895598169 to Fermat 
with a request for its factors. (Fermat responded almost immediately that it is the 
product of the two primes 898423 and 112303.) On another occasion he asked for 
a number which has exactly 360 divisors. Mersenne was also interested in whether 
or not there exists a so called “perfect number” with 20 or 21 digits, the underlying 
question really being to find out whether 2°’ — 1 is prime. Fermat discovered that 
the only prime divisors of 2°’ — 1 are of the form 74k + 1 and that 223 is such a 
factor, thereby supplying a negative answer to Mersenne. 

Mersenne was the author of various works dealing with the mathematical sci- 
ences, including Synopsis Mathematica (1626), Traité de l’Harmonie Universelle 
(1636-37) and Universae Geometriae Synopsis (1644). A believer in the new 
Copernican theory of the earth’s motion, he was virtually Galileo’s representative 
in France. He brought out (1634), under the title Les Mécaniques de Galilée, a ver- 
sion of Galileo’s early lectures on mechanics; and, in 1639, a year after its original 
publication, he translated Galileo’s Discorsi—a treatise analyzing projectile motion 
and gravitational acceleration—into French. As Italian was little understood abroad, 
Mersenne was instrumental in popularizing Galileo’s investigations. It is notable 
that he did this as a faithful member of a Catholic religious order at the height 
of the Church’s hostility to Galileo, and its condemnation of his writings. Perhaps 
Mersenne’s greatest contribution to the scientific movement lay in his rejection of 
the traditional interpretation of natural phenomena, which had stressed the action of 
“occult” powers, by insisting instead upon purely rational explanations. 
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Marin Mersenne 
(1588-1648) 


(David Eugene Smith Collection, Rare Book and 
Manuscript Library, Columbia University) 


11.2 PERFECT NUMBERS 


The history of the theory of numbers abounds with famous conjectures and open 
questions. The present chapter focuses on some of the intriguing conjectures asso- 
ciated with perfect numbers. A few of these have been satisfactorily answered, but 
most remain unresolved; all have stimulated the development of the subject as a 


whole. 
The Pythagoreans considered it rather remarkable that the number 6 is equal to 


the sum of its positive divisors, other than itself: 
6=1+4+2+43 


The next number after 6 having this feature is 28; for the positive divisors of 28 are 
found to be 1, 2, 4, 7, 14, and 28, and 


28=142+4474+14 


In line with their philosophy of attributing mystical qualities to numbers, the 
Pythagoreans called such numbers “perfect.” We state this precisely in Definition 
11.1. 


Definition 11.1. A positive integer n is said to be perfect if n is equal to the sum of all 
its positive divisors, excluding n itself. 


The sum of the positive divisors of an integer 1, each of them less than n, is given 
by o(n) — n. Thus, the condition “n is perfect” amounts to asking that o(n) —n = n, 
or equivalently, that 


o(n) = 2n 
For example, we have 


o(6)=1+2+3+6=2-6 


220 ELEMENTARY NUMBER THEORY 


and 
o0(28) =14+24+44+7+ 144+ 28 =2-28 


so that 6 and 28 are both perfect numbers. 

For many centuries, philosophers were more concerned with the mystical or 
religious significance of perfect numbers than with their mathematical properties. 
Saint Augustine explains that although God could have created the world all at once, 
He preferred to take 6 days because the perfection of the work is symbolized by 
the (perfect) number 6. Early commentators on the Old Testament argued that the 
perfection of the Universe is represented by 28, the number of days it takes the 
moon to circle the earth. In the same vein, the 8th century theologian Alcuin of York 
observed that the whole human race is descended from the 8 souls on Noah’s Ark and 
that this second Creation is less perfect than the first, 8 being an imperfect number. 

Only four perfect numbers were known to the ancient Greeks. Nicomachus in 
his Introductio Arithmeticae (circa 100 A.D.) lists 


P, =6 Py = 28 P3; = 496 Py = 8128 


He says that they are formed in an “orderly” fashion, one among the units, one among 
the tens, one among the hundreds, and one among the thousands (that is, less than 
10,000). Based on this meager evidence, it was conjectured that 


1. The nth perfect number P,, contains exactly n digits; and 
2. The even perfect numbers end, alternately, in 6 and 8. 


Both assertions are wrong. There is no perfect number with 5 digits; the next 
perfect number (first given correctly in an anonymous 15th century manuscript) is 


Ps = 33550336 
Although the final digit of Ps is 6, the succeeding perfect number, namely, 
Ps = 8589869056 


also ends in 6, not 8 as conjectured. To salvage something in the positive direction, 
we Shall show later that the even perfect numbers do always end in 6 or 8—but not 
necessarily alternately. 

If nothing else, the magnitude of Pe should convince the reader of the rarity of 
perfect numbers. It is not yet known whether there are finitely many or infinitely 
many of them. 

The problem of determining the general form of all perfect numbers dates back 
almost to the beginning of mathematical time. It was partially solved by Euclid when 
in Book IX of the Elements he proved that if the sum 


14+24+2°4+2°4+---4+2%! =p 


is a prime number, then Det p is a perfect number (of necessity even). For instance, 
1+2-+4=7 isa prime; hence, 4-7 = 28 is a perfect number. Euclid’s argument 
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makes use of the formula for the sum of a geometric progression 
1+24+27+2?+---4+2%'=2-1 


which is found in various Pythagorean texts. In this notation, the result reads as 
follows: If 2* — 1 is prime (k > 1), then n = 2*—!(2* — 1) is a perfect number. 
About 2000 years after Euclid, Euler took a decisive step in proving that all even 
perfect numbers must be of this type. We incorporate both these statements in our 
first theorem. 


Theorem 11.1. If 2 — 1 is prime (k > 1), thenn = 2'—!(2* — 1) is perfect and every 
even perfect number is of this form. 


Proof. Let 2 — 1 = p, a prime, and consider the integer n = 2‘! p. Inasmuch as 
gcd(2*—!, p) = 1, the multiplicativity of o (as well as Theorem 6.2) entails that 


a(n) = 0(2*"! p) = a (2*"!)a(p) 
= (2 — 1p + 1) 
= (2* — 1)2* = 2n 
making n a perfect number. 
For the converse, assume that n is an even perfect number. We may write n as 


n = 2*~!m, where m is an odd integer and k > 2. It follows from gcd(2*~! , m) = 1 
that 


o(n) = 0(2*"!m) = 0 (2*"!)a(m) = (2* — 1)0(m) 
whereas the requirement for a number to be perfect gives 
o(n) = 2n = 2*m 
Together, these relations yield 
2*m = (2° — 1)o(m) 


which is simply to say that (2* — 1)|2*m. But 2* — 1 and 2* are relatively prime, 
whence (2* — 1)|m; say, m = (2* — 1)M. Now the result of substituting this value of 
m into the last-displayed equation and canceling 2* — 1 is that o(m) = 2* M. Because 
m and M are both divisors of m (with M < m), we have 


2*M =o(m)>m+M=2'M 


leading to o(m) = m+ M. The implication of this equality is that m has only two 
positive divisors, to wit, M and m itself. It must be that m is prime and M = 1; in other 
words, m = (2* — 1)M = 2* — 1 is a prime number, completing the present proof. 


Because the problem of finding even perfect numbers is reduced to the search 
for primes of the form 2* — 1, a closer look at these integers might be fruitful. One 
thing that can be proved is that if 2 — 1 is a prime number, then the exponent k must 
itself be prime. More generally, we have the following lemma. 


Lemma. If a‘ — 1 is prime (a > 0, k > 2), then a = 2 and k is also prime. 
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Proof. It can be verified without difficulty that 
aS GG a pee a) 
where, in the present setting, 
yg 87 ace er ereree Oe, ao | >a+I1>1 


Because by hypothesis a* — 1 is prime, the other factor must be 1; that is, a — 1 = 1 
so that a = 2. 
If k were composite, then we could write k = rs, with 1 < r and 1 < s. Thus, 


a®*-l=(ay -1 
= (a" _ L)(a™@-Y 4 gq’ -2) Bee oe ee 1) 


and each factor on the right is plainly greater than 1. But this violates the primality of 
a* — 1, so that by contradiction k must be prime. 


For p = 2, 3,5, 7, the values 3, 7, 31, 127 of 2? — 1 are primes, so that 
2(2* —1)=6 
27(2° — 1) = 28 
24(2? — 1) = 496 
2°(2? — 1) = 8128 


are all perfect numbers. 

Many early writers erroneously believed that 2? — 1 is prime for every choice of 
the prime number p. But in 1536, Hudalrichus Regius in a work entitled Utriusque 
Arithmetices exhibits the correct factorization 


2'!_ 1 — 2047 — 23-89 


If this seems a small accomplishment, it should be realized that his calculations 
were in all likelihood carried out in Roman numerals, with the aid of an abacus (not 
until the late 16th century did the Arabic numeral system win complete ascendancy 
over the Roman one). Regius also gave p = 13 as the next value of p for which the 
expression 2? — 1 is a prime. From this, we obtain the fifth perfect number 


2!7(2!3 — 1) = 33550336 


One of the difficulties in finding further perfect numbers was the unavailability of 
tables of primes. In 1603, Pietro Cataldi, who is remembered chiefly for his invention 
of the notation for continued fractions, published a list of all primes less than 5150. 
By the direct procedure of dividing by all primes not exceeding the square root of a 
number, Cataldi determined that 2'’ — 1 was prime and, in consequence, that 


2'6(2'7 _ 1) = 8589869056 


is the sixth perfect number. 

A question that immediately springs to mind is whether there are infinitely many 
primes of the type 2? — 1, with p a prime. If the answer were in the affirmative, 
then there would exist an infinitude of (even) perfect numbers. Unfortunately, this 
is another famous unresolved problem. 
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This appears to be as good a place as any at which to prove our theorem on the 
final digits of even perfect numbers. 


Theorem 11.2. An even perfect number n ends in the digit 6 or 8; equivalently, either 
n = 6 (mod 10) orn = 8 (mod 10). 


Proof. Being an even perfect number, n may be represented as n = 2'~! (2* — 1), 
where 2* — 1 is a prime. According to the last lemma, the exponent k must also be 
prime. If k = 2, then n = 6, and the asserted result holds. We may therefore confine 
our attention to the case k > 2. The proof falls into two parts, according as k takes the 
form 4m + 1 or 4m + 3. 

If k is of the form 4m + 1, then 


n= 2 Qt = 1) 
= 28m+l _ 94m 2.16" — 16" 
A straightforward induction argument will make it clear that 16° = 6 (mod 10) for any 
positive integer ¢. Utilizing this congruence, we get 
n =2-6—6 = 6 (mod 10) 
Now, in the case in which k = 4m + 3, 
n = 24m+2(74m+3 _ 1) 

— 78m+5 _ 94m+2 _ 9. 162m+1 __ 4. 16” 
Falling back on the fact that 16’ = 6 (mod 10), we see that 

n=2-6—4-6=~—12 = 8 (mod 10) 


Consequently, every even perfect number has a last digit equal to 6 or to 8. 


A little more argument establishes a sharper result, namely, that any even perfect 
number n = 2*—!'(2* — 1) always ends in the digits 6 or 28. Because an integer is 
congruent modulo 100 to its last two digits, it suffices to prove that, if k is of the 
form 4m + 3, then n = 28 (mod 100). To see this, note that 

2k-1 — otmt? — 16".4=6-4=4 (mod 10) 


Moreover, for k > 2, we have 4 | 2*—!, and therefore the number formed by the last 
two digits of 2*—! is divisible by 4. The situation is this: The last digit of 2«~! is 4, 
and 4 divides the last two digits. Modulo 100, the various possibilities are 


2‘-! = 4, 24, 44, 64, or 84 
But this implies that 
2* —1 =2.2*"! — 1 =7, 47, 87, 27, or 67 (mod 100) 
whence 
n=2* 4" =1) 
= 4.7,24-47, 44 - 87, 64 - 27, or 84 - 67 (mod 100) 


It is a modest exercise, which we bequeath to the reader, to verify that each of the 
products on the right-hand side of the last congruence is congruent to 28 modulo 100. 
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PROBLEMS 11.2 


1. 


mn & 


10. 


11. 


12. 


13. 


Prove that the integer n = 2!°(2'! — 1) is not a perfect number by showing that 


a(n) ~ 2n. 
(Hint: 2'!! —1 = 23 - 89.] 


. Verify each of the statements below: 


(a) No power of a prime can be a perfect number. 
(b) A perfect square cannot be a perfect number. 
(c) The product of two odd primes is never a perfect number. 
[Hint: Expand the inequality (p — 1)(q — 1) > 2to get pg > p+q+1.] 


. Ifn is a perfect number, prove that )/,),, 1/d = 2. 
. Prove that every even perfect number is a triangular number. 
. Given that n is an even perfect number, for instance n = 2*~'(2* — 1), show that the 


integern = 1+2+4+3+4---+(2* — 1) and also that O(n) = 2*-1(2*-! — 1). 


. For an even perfect number 1 > 6, show the following: 


(a) The sum of the digits of n is congruent to 1 modulo 9. 
[Hint: The congruence 2° = 1 (mod 9) and the fact that any prime p > 5 is of the 
form 6k + 1 or 6k +5 imply that n = 2?~'(2? — 1) = 1 (mod 9).] 

(b) The integer 1 can be expressed as a sum of consecutive odd cubes. 
[Hint: Use Section 1.1, Problem 1(e) to establish the identity below for all k > 1: 


13 Sf: 33 Zt 53 ee Oo -_ 1) = jaa aa a 1).] 


. Show that no proper divisor of a perfect number can be perfect. 


[Hint: Apply the result of Problem 3.] 


. Find the last two digits of the perfect number 


c= eee Chae _ 1) 


. If o(n) = kn, where k > 3, then the positive integer n is called a k-perfect number 


(sometimes, multiply perfect). Establish the following assertions concerning k-perfect 
numbers: 
(a) 523,776 = 2? -3- 11-31 is 3-perfect. 
30,240 = 2° - 3°. 5-7 is 4-perfect. 

14, 182,439,040 = 2’ .34.5-.7-11%-17- 19 is 5-perfect. 
(b) If n is a 3-perfect number and 3 / n, then 3n is 4-perfect. 
(c) If is a5-perfect number and 5 / n, then 5n is 6-perfect. 
(d) If 3n is a 4k-perfect number and 3 / n, then n is 3k-perfect. 
For each k, it is conjectured that there are only finitely many k-perfect numbers. The 
largest one discovered has 558 digits and is 9-perfect. 
Show that 120 and 672 are the only 3-perfect numbers of the form n = 2* . 3 - p, where 
p is an odd prime. 
A positive integer n is multiplicatively perfect if n is equal to the product of all its positive 
divisors, excluding n itself; in other words, n* = [], \, 4. Find all multiplicatively perfect 
numbers. 
(Hint: Notice that n? = n™/? ] 
(a) If nm > 6 is an even perfect number, prove that n = 4 (mod 6). 

[Hint: 2?~' = 1 (mod 3) for an odd prime p.] 
(b) Prove that if n 4 28 is an even perfect number, then n = 1 or —1 (mod 7). 
For any even perfect number n = 2*~!(2* — 1), show that 2* | a(n”) + 1. 
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14. Numbers n such that o(o(n)) = 2n are called superperfect numbers. 
(a) If n = 2* with 2**! — 1 a prime, prove that n is superperfect; hence, 16 and 64 are 
superperfect. 
(b) Find all even perfect numbers n = 2*—'(2* — 1) which are also superperfect. 
(Hint: First establish the equality o(a(n)) = 2*(2*+! — 1).] 
15. The harmonic mean H(n) of the divisors of a positive integer n is defined by the formula 


| ae 
H(n) t(n) d 


d|n 


Show that if n is a perfect number, then H(n) must be an integer. 
[Hint: Observe that H(n) = nt(n)/a(n).] 

16. The twin primes 5 and 7 are such that one half their sum is a perfect number. Are there 
any other twin primes with this property? 
[Hint: Given the twin primes p and p+ 2, with p > 5, 5( p+p+2) = 6k for some 
k > 1.] 

17. Prove that if 2 — 1 is prime, then the sum 


gk-l at ok ae okt eee q2k—2 


will yield a perfect number. For instance, 2° — 1 is prime and 27 + 2? + 2+ = 28, which 
is perfect. 

18. Assuming that n is an even perfect number, say n = 2*~!(2* — 1), prove that the product 
of the positive divisors of n is equal to n*; in symbols, 


| [¢=n' 


d\n 


19. Ifn,,n2,---,n, are distinct even perfect numbers, establish that 


b(nynz---n,) = 2" "b(n )b(n2) - + b(ny) 


(Hint: See Problem 5.] 
20. Given an even perfect number n = 2*~!(2* — 1), show that 


p(n) =n-2*? 


11.3 MERSENNE PRIMES AND AMICABLE NUMBERS 
It has become traditional to call numbers of the form 
MM, =2"—1 n>1 


Mersenne numbers after Father Marin Mersenne who made an incorrect but provoca- 
tive assertion concerning their primality. Those Mersenne numbers that happen to 
be prime are said to be Mersenne primes. By what we proved in Section 11.2, the 
determination of Mersenne primes M,,—and, in turn, of even perfect numbers—is 
narrowed down to the case in which n is itself prime. 

In the preface of his Cogitata Physica-Mathematica (1644), Mersenne stated 
that M, is prime for p = 2, 3,5, 7, 13, 17, 19, 31, 67, 127, 257 and composite for 
all other primes p < 257. It was obvious to other mathematicians that Mersenne 
could not have tested for primality all the numbers he had announced; but neither 
could they. Euler verified (1772) that M3; was prime by examining all primes up to 
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46339 as possible divisors, but Mg7, M27, and M257 were beyond his technique; in 
any event, this yielded the eighth perfect number 


2°92?! — 1) = 2305843008139952128 


It was not until 1947, after tremendous labor caused by unreliable desk calcu- 
lators, that the examination of the prime or composite character of M, for the 55 
primes in the range p < 257 was completed. We know now that Mersenne made 
five mistakes. He erroneously concluded that M¢7 and M)s57 are prime and excluded 
M61, Mg, and Mjo7 from his predicted list of primes. It is rather astonishing that 
over 300 years were required to set the good friar straight. 

All the composite numbers M,, with n < 257 have now been completely fac- 
tored. The most difficult factorization, that of Mo5,, was obtained in 1984 after a 
32-hour search on a supercomputer. 

An historical curiosity is that, in 1876, Edouard Lucas worked a test whereby 
he was able to prove that the Mersenne number M¢7 was composite; but he could 
not produce the actual factors. 

Lucas was the first to devise an efficient “primality test”; that is, a procedure that 
guarantees whether a number is prime or composite without revealing its factors, if 
any. His primality criteria for the Mersenne and Fermat numbers were developed 
in a series of 13 papers published between January of 1876 and January of 1878. 
Despite an outpouring of research Lucas never obtained a major academic position 
in his native France, instead spending his career in various secondary schools. A 
freak, unfortunate accident led to Lucas’s death from infection at the early age of 
49: a piece of a plate dropped at a banquet flew up and gashed his cheek. 

At the October 1903 meeting of the American Mathematical Society, the 
American mathematician Frank Nelson Cole had a paper on the program with the 
somewhat unassuming title “On the Factorization of Large Numbers.” When called 
upon to speak, Cole walked to a board and, saying nothing, proceeded to raise the 
integer 2 to the 67th power; then he carefully subtracted 1 from the resulting number 
and let the figure stand. Without a word he moved to a clean part of the board and 
multiplied, longhand, the product 


193,707,721 x 761,838,257,287 


The two calculations agreed. The story goes that, for the first and only time on record, 
this venerable body rose to give the presenter of a paper a standing ovation. Cole took 
his seat without having uttered a word, and no one bothered to ask him a question. 
(Later, he confided to a friend that it took him 20 years of Sunday afternoons to find 
the factors of M67.) 

In the study of Mersenne numbers, we come upon a strange fact: When each of 
the first four Mersenne primes (namely, 3, 7, 31, and 127) is substituted for n in the 
formula 2” — 1, a higher Mersenne prime is obtained. Mathematicians had hoped 
that this procedure would give rise to an infinite set of Mersenne primes; in other 
words, the conjecture was that if the number M,, is prime, then My, is also a prime. 
Alas, in 1953 a high-speed computer found the next possibility 


My, = Ms yo 98191 =i 
(a number with 2466 digits) to be composite. 
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There are various methods for determining whether certain special types of 
Mersenne numbers are prime or composite. One such test is presented next. 


Theorem 11.3. If p and g = 2p + 1 are primes, then either g | M, org | Mp, + 2, but 
not both. 
Proof. With reference to Fermat’s theorem, we know that 
27-' _ 1 =0 (mod q) 
and, factoring the left-hand side, that 
(29-D? _ 1y\(29-D? 4 1) = (2P —1)2? +1) 
= 0 (mod q) 
What amounts to the same thing: 
M,(M, + 2) = 0 (mod q) 
The stated conclusion now follows directly from Theorem 3.1. We cannot have both 


q|M, and q | M, + 2, for then q | 2, which is impossible. 


A single application should suffice to illustrate Theorem 11.3: If p = 23, then 
gq =2p-+1=47 1s also a prime, so that we may consider the case of M23. The 
question reduces to one of whether 47 | M3 or, to put it differently, whether 27° = 
1 (mod 47). Now, we have 


273 — 23(2°)* = 2°(—15)*(mod 47) 
But 
(—15)* = (225)* = (—10)* = 6 (mod 47) 
Putting these two congruences together, we see that 
27> = 2>.6 = 48 = 1 (mod 47) 


whence M3 is composite. 

We might point out that Theorem 11.3 is of no help in testing the primality of 
Moo, say; in this instance, 59 J Moo, but instead 59 | My9 + 2. 

Of the two possibilities g|M, or g|M, + 2, is it reasonable to ask: What 
conditions on q will ensure that g | M,? The answer is to be found in Theorem 11.4. 


Theorem 11.4. If ¢ = 2n + 1 is prime, then we have the following: 


(a) q| Mn, provided that g = | (mod 8) org =7 (mod 8). 

(b) q|M, + 2, provided that g = 3 (mod 8) org = 5 (mod 8). 

Proof. To say that q | M, is equivalent to asserting that 
29-D/2 — 2" = 1 (mod q) 


In terms of the Legendre symbol, the latter condition becomes the requirement that 
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(2/q) = 1. But according to Theorem 9.6, (2/g¢) = 1 when we have g = 1 (mod 8) or 
= 7 (mod 8). The proof of (b) proceeds along similar lines. 


Let us consider an immediate consequence of Theorem 11.4. 
Corollary. If p andqg = 2p + 1 are both odd primes, with p = 3 (mod 4), theng | M,. 


Proof. An odd prime p is either of the form 4k + 1 or 4k + 3. If p = 4k +3, then 
q = 8k +7 and Theorem 11.4 yields g | Mp. In the case in which p = 4k +1, q = 
8k +3 sothatg { Mp. 


The following is a partial list of those prime numbers p = 3 (mod 4) where 
q = 2p -+ lisalso prime: p = 11, 23, 83, 131, 179, 191, 239, 251. In each instance, 
M, is composite. 

Exploring the matter a little further, we next tackle two results of Fermat that 
restrict the divisors of M,. The first is Theorem 11.5. 


Theorem 11.5. If p is an odd prime, then any prime divisor of M, is of the form 
2kp + 1. 


Proof. Let q be any prime divisor of M,, so that 2? = 1 (mod q). If 2 has order k 
modulo g (that is, if k is the smallest positive integer that satisfies 2* = 1 (mod q)), then 
Theorem 8.1 tells us that k | p. The case k = 1 cannot arise; for this would imply that 
q | 1, an impossible situation. Therefore, because both k | p and k > 1, the primality of 
p forces k = p. 

In compliance with Fermat’s theorem, we have 27~! = 1 (mod q), and therefore, 
thanks to Theorem 8.1 again, k | gq — 1. Knowing that k = p, the net result is p|q — 1. 
To be definite, let us put g — 1 = pt; then g = pt + 1. The proof is completed by 
noting that if t were an odd integer, then g would be even and a contradiction occurs. 
Hence, we must have g = 2kp + 1 for some choice of k, which gives g the required 
form. 


As a further sieve to screen out possible divisors of M,, we cite the following 
result. 


Theorem 11.6. If p is an odd prime, then any prime divisor g of M, is of the form 
q = +1 (mod 8). 


Proof. Suppose that g is a prime divisor of M,, so that 2? = 1 (mod q). According to 
Theorem 11.5, q is of the form q = 2kp + 1 for some integer k. Thus, using Euler’s 
criterion, (2/q) = 24-)/* = 1 (mod q), whence (2/q) = 1. Theorem 9.6 can now be 
brought into play again to conclude that g = +1 (mod 8). 


For an illustration of how these theorems can be used, one might look at M17. 
Those integers of the form 34k + 1 that are less than 362 < M7 are 


35, 69, 103, 137, 171, 205, 239, 273, 307, 341 
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Because the smallest (nontrivial) divisor of M7 must be prime, we need only consider 
the primes among the foregoing 10 numbers; namely, 


103, 137, 239, 307 


The work can be shortened somewhat by noting that 307 4 +1 (mod 8), and therefore 
we may delete 307 from our list. Now either M17 is prime or one of the three remaining 
possibilities divides it. With a little calculation, we can check that Mj7 is divisible 
by none of 103, 137, and 239; the result: M17 is prime. 

After giving the eighth perfect number 2°°(2°! — 1), Peter Barlow, in his book 
Theory of Numbers (published in 1811), concludes from its size that it “is the greatest 
that ever will be discovered; for as they are merely curious, without being useful, it is 
not likely that any person will ever attempt to find one beyond it.” The very least that 
can be said is that Barlow underestimated obstinate human curiosity. Although the 
subsequent search for larger perfect numbers provides us with one of the fascinating 
chapters in the history of mathematics, an extended discussion would be out of place 
here. 

It is worth remarking, however, that the first 12 Mersenne primes (hence, 12 
perfect numbers) have been known since 1914. The 11th in order of discovery, 
namely, Mgo, was the last Mersenne prime disclosed by hand calculation; its primality 
was verified by both Powers and Cunningham in 1911, working independently and 
using different techniques. The prime M27 was found by Lucas in 1876 and for the 
next 75 years was the largest number actually known to be a prime. 

Calculations whose mere size and tedium repel the mathematician are just grist 
for the mill of electronic computers. Starting in 1952, 22 additional Mersenne primes 
(all huge) have come to light. The 25th Mersenne prime, M2701, was discovered in 
1978 by two 18-year-old high school students, Laura Nickel and Curt Noll, using 
440 hours on a large computer. A few months later, Noll confirmed that M3299 1s 
also prime. With the advent of much faster computers, even this record prime did 
not stand for long. 

During the last 10 years, a flurry of computer activity confirmed the primality of 
nine more Mersenne numbers, each in turn becoming the largest number currently 
known to be prime. (In the never-ending pursuit of bigger and bigger primes, the 
record holder has usually been a Mersenne number.) Forty-one Mersenne primes 
have been identified. The most recent is M 4936583, discovered in 2004. It has 7235733 
decimal digits, nearly a million more than the previous largest known prime, the 
6320430-digit Mo996011. The year-long search for M24936583 used the spare time of 
several hundred thousand volunteers and their computers, each assigned a different 
set of candidates to test for primality. The newest champion prime gave rise to the 
41st even perfect number 


Py, = DANSE (Daan 2028= = 1) 


an immense number of 14591877 digits. 

It is not likely that every prime in the vast expanse p < 24036583 has been 
tested to see if M, is prime. One should be wary, for in 1989 a systematic computer 
search found the overlooked Mersenne prime Mj109503 lurking between Mg6243 and 
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M>16091. What is more probable is that enthusiasts with the time and inclinatio 
forge on through higher values to new records. 


Mersenne number Number of digits Date of discovery 

1 2-1 1 unknown 

2 2 1 unknown 

3 PS] 2 unknown 

4 = 3 unknown 
5 28-1 4 1456 
Wa 6 2-4] 6 1588 
i _, 24 6 1588 
i gs 21-4 10 1772 
i 9 Delany 19 1883 
a 10 2 J 27 1911 
i i Al 33 1914 
Cc 12 2127 _] 39 1876 
ee 13. (25h 157 1952 
Sp 14 2007 183 1952 
or" 15 eee] 386 1952 
iT 16 27203 _ 4 664 1952 
es i 2a 687 1952 
a 18-3217 _ 969 1957 
o 19 = 24493 _ ] 1281 1961 
pl 20 Pas 1332 1961 
. 7) eee 2917 1963 
2° DPA 2993 1963 
: 23: :oueh 3376 1963 
a 24 ier a] 6002 1971 
al D5. -geli0l = 4 6533 1978 
| 26 223209 _ 4 6987 1978 
! oy ete] 13395 1979 
| 28 De 25962 1983 
i 29: QMOW 7] 33265 1989 
30 0 2132049 _ 4 39751 1983 
i Bi eNO 65050 1985 
‘ 32 -2786839 4 227832 1992 
i 33 2859433 _ |] 258716 1994 
| 34, 2 a | 378632 1996 
| 85: pises200. =] 420921 1996 
| 36. 926 895932 1996 
| 37 23021377 _ 4 909526 1998 
i a ee 2098960 1999 
39g leteer lt? 4059346 2001 
AQ <Q ee A 6320430 2003 
Al. 7ee083 =] 7235733 2004 


An algorithm frequently used for testing the primality of M, is the Lucas-Le 
test. It relies on the inductively defined sequence 


Si=4 Sa, =SZ-2 k>1 
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Thus, the sequence begins with the values 4, 14, 194, 37634, .... The basic theorem, 
as perfected by Derrick Lehmer in 1930 from the pioneering results of Lucas, is 
this: For p > 2, M, is prime if and only if S,_; = 0 (mod M,). An equivalent 
formulation is that M, is prime if and only if $,_2 = +2*/? (mod M,). 

A simple example is provided by the Mersenne number M7 = 2’ — 1 = 127. 
Working modulo 127, the computation runs as follows: 


5; =4 So = 14 S3 = 67 Sa = 42 S5 = —16 S6 =O 


This establishes that M7 is prime. 

The largest of the numbers on Mersenne’s “original” list, the 78-digit M57, 
was found to be composite in 1930 when Lehmer succeeded in showing that S255 4 
O (mod 257); this arithmetic achievement was announced in print in 1930, although 
no factor of the number was known. In 1952, the National Bureau of Standards West- 
ern Automatic Computer (SWAC) confirmed Lehmer’s efforts of 20 years earlier. 
The electronic computer accomplished in 68 seconds what had taken Lehmer over 
700 hours using a calculating machine. The smallest prime factor of M257, namely, 


535006138814359 


was obtained in 1979 and the remaining two factors exhibited in 1980, 50 years after 
the composite nature of the number had been revealed. 

For the reader’s convenience, we have listed the 41 Mersenne primes, the number 
of digits in each, and its approximate date of discovery. 

Most mathematicians believe that there are infinitely many Mersenne primes, but 
a proof of this seems hopelessly beyond reach. Known Mersenne primes M, clearly 
become more scarce as p increases. It has been conjectured that about two primes 
M, should be expected for all primes p in an interval x < p < 2x; the numerical 
evidence tends to support this. 

One of the celebrated problems of number theory is whether there exist any 
odd perfect numbers. Although no odd perfect number has been produced thus far, 
nonetheless, it is possible to find certain conditions for the existence of odd perfect 
numbers. The oldest of these we owe to Euler, who proved that if n is an odd perfect 
number, then 


26, 2 2B, 
eo Boa, Gs gee 


where p, qi,...,9, are distinct odd primes and p =a =1 (mod 4). In 1937, 
Steuerwald showed that not all 6;’s can be equal to 1; that is, ifn = p%q;q3 ---q? 
is an odd number with p = a = 1 (mod 4), then n is not perfect. Four years later, 
Kanold established that not all 6;’s can be equal to 2, nor is it possible to have one 
B; equal to 2 and all the others equal to 1. The last few years have seen further 
progress: Hagis and McDaniel (1972) found that it is impossible to have 6; = 3 for 
all i. 
With these comments out of the way, let us prove Euler’s result. 
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Theorem 11.7 Euler. If is an odd perfect number, then 


— pf 2/2 2ir 
NA=P;, Py °**' Pr 


where the p;’s are distinct odd primes and p; = k; = 1 (mod 4). 


Proof. Let n = pi py .. » pr be the prime factorization of n. Because n is perfect, we 


can write 
= = ky k2 k, 
2n = a(n) = a(p;' )o(py )---o(p;") 


Being an odd integer, either n = 1 (mod 4) or n = 3 (mod 4); in any event, 2n = 2 
(mod 4). Thus, a(n) = 2n is divisible by 2, but not by 4. The implication is that one 
of the o( Pp," ), say o( pi ), must be an even integer (but not divisible by 4), and all the 


remaining o( Pp," )’s are odd integers. 
For a given p;, there are two cases to be considered: p; = 1 (mod 4) and p; = 
3 (mod 4). If pj = 3 = —1 (mod 4), we would have 


o(p')=1+ pit ppt: +; 
=14+(-1)4+(-1)*4+---+(—)D* (mod 4) 
a tose 4) if k; is odd 

~ |1(mod4) © ifk; is even 


Because a( pi = 2 (mod 4), this tells us that p; 4 3 (mod 4) or, to put it affirma- 
tively, p; = 1 (mod 4). Furthermore, the congruence o( py’) = (0 (mod 4) signifies that 


4 divides o( p'); which is not possible. The conclusion: If p; = 3 (mod 4), where 
i =2,...,r, then its exponent k; is an even integer. 
Should it happen that p; = 1 (mod 4)—which 1s certainly true for i = 1—then 


o(p;') =1+ pit pp tet p; 
=141'417+4+.--+1* (mod 4) 
=k; + 1 (mod 4) 


The condition o( pi') = 2 (mod 4) forces kj = 1 (mod 4). For the other values of i, 
we know that o( pr) = 1 or 3 (mod 4), and therefore k; = 0 or 2 (mod 4); in any case, 
k; is an even integer. The crucial point is that, regardless of whether p; = 1 (mod 4) 
or p; = 3 (mod 4), k; is always even for i ~ 1. Our proof is now complete. 


In view of the preceding theorem, any odd perfect number nv can be expressed 


= ky 2)2 2 jr 
n= py py” + Pr 


ke 
= pi\(py +--+ pry’ 
= pm 


This leads directly to the following corollary. 
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Corollary. If n is an odd perfect number, then n is of the form 
n= p*m? 


where p is a prime, p |} m, and p =k = 1 (mod 4); in particular, n = 1 (mod 4). 


Proof. Only the last assertion is not obvious. Because p = 1 (mod 4), we have p* = 
1 (mod 4). Notice that m must be odd; hence, m = 1 or 3 (mod 4), and therefore upon 
squaring, m* = 1 (mod 4). It follows that 


n= p'm? =1-1=1 (mod 4) 


establishing our corollary. 


Another line of investigation involves estimating the size of an odd perfect 
number n. The classical lower bound was obtained by Turcaninov in 1908: n has at 
least four distinct prime factors and exceeds 2 - 10°. With the advent of electronic 
computers, the lower bound has been improved ton > 10°°°. Recent investigations 
have shown that 1 must be divisible by at least eight distinct primes, the largest of 
which is greater than 10’, and the next largest exceeds 10*; if 3 / n, then the number 
of distinct prime factors of 7 is at least 11. 

Although all of this lends support to the belief that there are no odd perfect 
numbers, only a proof of their nonexistence would be conclusive. We would then 
be in the curious position of having built up a whole theory for a class of numbers 
that did not exist. “It must always,” wrote the mathematician Joseph Sylvester in 
1888, “stand to the credit of the Greek geometers that they succeeded in discovering 
a class of perfect numbers which in all probability are the only numbers which are 
perfect.” 

Another group of numbers that has had a continuous history extended from the 
early Greeks to the present time comprises the amicable numbers. Two numbers such 
as 220 and 284 are called amicable, or friendly, because they have the remarkable 
property that each number is “contained’’ within the other, in the sense that each 
number is equal to the sum of all the positive divisors of the other, not counting the 
number itself. Thus, as regards the divisors of 220, 


14+2+44+5+104+114+20+ 224 444 55+ 110 = 284 
and for 284, 
14+24+4-4714 142 = 220 


In terms of the o function, amicable numbers m and n (or an amicable pair) are 
defined by the equations 


o(m)—-m=n o(n)—-n=m 
or what amounts to the same thing: 
o(m)=m+n=a(n) 


Down through their quaint history, amicable numbers have been important in 
magic and astrology, and in casting horoscopes, making talismans, and concocting 
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love potions. The Greeks believed that these numbers had a particular influence 
in establishing friendships between individuals. The philosopher Iamblichus of 
Chalcis (ca. A.D. 250—A.D. 330) ascribed a knowledge of the pair 220 and 284 to the 
Pythagoreans. He wrote: 


They [the Pythagoreans] call certain numbers amicable numbers, adopting virtues and 
social qualities to numbers, as 284 and 220; for the parts of each have the power to 
generate the other.... 


Biblical commentators spotted 220, the lesser of the classical pair, in Genesis 32:14 
as numbering Jacob’s present to Esau of 200 she-goats and 20 he-goats. According to 
one commentator, Jacob wisely counted out his gift (a “hidden secret arrangement’) 
to secure the friendship of Esau. An Arab of the 11th century, El Madschriti of 
Madrid, related that he had put to the test the erotic effect of these numbers by 
giving someone a confection in the shape of the smaller number, 220, to eat, while 
he himself ate the larger, 284. He failed, however, to describe whatever success the 
ceremony brought. 

It is a mark of the slow development of number theory that until the 1630s no 
one had been able to add to the original pair of amicable numbers discovered by 
the Greeks. The first explicit rule described for finding certain types of amicable 
pairs is due to Thabit ibn Qurra, an Arabian mathematician of the 9th century. In a 
manuscript composed at that time, he indicated: 


If the three numbers p = 3-2”-! — 1, g = 3-2" —1, andr = 9-27"! — 1 are all 
prime and n > 2, then 2” pq and 2”r are amicable numbers. 


It was not until its rediscovery centuries later by Fermat and Descartes that Thabit’s 
rule produced the second and third pairs of amicable numbers. In a letter to 
Mersenne in 1636, Fermat announced that 17,296 and 18,416 were an amicable 
pair, and Descartes wrote to Mersenne in 1638 that he had found the pair 9363584 
and 9437056. Fermat’s pair resulted from taking n = 4 in Thabit’s rule (p = 23, 
gq = 47, r = 1151 are all prime) and Descartes’ from n = 7 (p = 191, g = 383, 
r = 73727 are all prime). 

In the 1700s, Euler drew up at one clip a list of 64 amicable pairs; two of these 
new pairs were later found to be “unfriendly,” one in 1909 and one in 1914. Adrien 
Marie Legendre, in 1830, found another pair, 2172649216 and 2181168896. 

Extensive computer searches have currently revealed more than 50000 amicable 
pairs, some of them running to 320 digits; these include all those with values less than 
10'!. It has not yet been established whether the number of amicable pairs is finite 
or infinite, nor has a pair been produced in which the numbers are relatively prime. 
What has been proved is that each integer in a pair of relatively prime amicable 
numbers must be greater than 10°, and their product must be divisible by at least 22 
distinct primes. Part of the difficulty is that in contrast with the single formula for 
generating (even) perfect numbers, there is no known rule for finding all amicable 
pairs of numbers. 
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Another inaccessible question, already considered by Euler, is whether there are 


amicable pairs of opposite parity—that is, with one integer even and the other odd. 


“Most” amicable pairs in which both members of the pair are even have their 


sums divisible by 9. A simple example is 220 + 284 = 504 = 0 (mod 9). The small- 
est known even amicable pair whose sum fails to enjoy this feature is 666030256 
and 696630544. 


PROBLEMS 11.3 


1; 


N 


10. 


Prove that the Mersenne number Mj3 is a prime; hence, the integer n = 2!? (2!3 — 1) is 
perfect. 

[Hint: Because M3 < 91, Theorem 11.5 implies that the only candidates for prime 
divisors of Mj3 are 53 and 79. | 


. Prove that the Mersenne number Mjo is a prime; hence, the integer n = 2!8(2!? — 1) is 


perfect. 
[Hint: By Theorems 11.5 and 11.6, the only prime divisors to test are 191, 457, and 647.] 


. Prove that the Mersenne number M29 is composite. 
. A positive integer n is said to be a deficient number if a(n) < 2n and an abundant number 


if o(n) > 2n. Prove each of the following: 

(a) There are infinitely many deficient numbers. 
(Hint: Consider the integers n = p*, where p is an odd prime and k > 1.] 

(b) There are infinitely many even abundant numbers. 
[Hint: Consider the integers n = 2° -3, where k > 1.] 

(c) There are infinitely many odd abundant numbers. 
[Hint: Consider the integers n = 945 - k, where k is any positive integer not divisible 
by 2, 3, 5, or 7. Because 945 = 3° - 5-7, it follows that gcd(945 ,k) = 1 and so 
a(n) = a(945)a (k). | 


. Assuming that n is an even perfect number and d|n, where 1 < d <n, show that d is 


deficient. 


. Prove that any multiple of a perfect number is abundant. 
. Confirm that the pairs of integers listed below are amicable: 


(a) 220 = 27 - 5-11 and 284 = 2? - 71. (Pythagoras, 500 B.C.) 
(b) 17296 = 2* - 23 - 47 and 18416 = 2* - 1151. (Fermat, 1636) 
(c) 9363584 = 2’ - 191 - 383 and 9437056 = 2’ - 73727. (Descartes, 1638) 


. For a pair of amicable numbers m and n, prove that 


(Sa) +(Sua) = | 


d|m d|n 


. Establish the following statements concerning amicable numbers: 


(a) A prime number cannot be one of an amicable pair. 

(b) The larger integer in any amicable pair is a deficient number. 

(c) If m and n are an amicable pair, with m even and n odd, then n is a perfect square. 
[Hint: If p is an odd prime, then 1 + p+ p* +---+ p* is odd only when k is an 
even integer. | 

In 1886, a 16-year-old Italian boy announced that 1184 = 2° - 37 and 1210 = 2-5- 11? 

form an amicable pair of numbers, but gave no indication of the method of discovery. 

Verify his assertion. 
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11. Prove “Thabit’s rules” for amicable pairs: If p = 3-2”-' —1,qg =3-2"—1, andr = 
9.27"-1 _ ] are all prime numbers, where n > 2, then 2” pg and 2”r are an amicable 
pair of numbers. This rule produces amicable numbers for n = 2, 4, and 7, but for no 
other n < 20,000. 

12. By an amicable triple of numbers is meant three integers such that the sum of any 
two is equal to the sum of the divisors of the remaining integer, excluding the number 
itself. Verify that 2° - 3 - 13 . 293 - 337, 2° -3-5-13- 16561, and 2° -3 - 13 - 99371 are 
an amicable triple. 

13. A finite sequence of positive integers is said to be a sociable chain if each is the sum of 
the positive divisors of the preceding integer, excluding the number itself (the last integer 
is considered as preceding the first integer in the chain). Show that the following integers 
form a sociable chain: 


14288, 15472, 14536, 14264, 12496 


Only two sociable chains were known until 1970, when nine chains of four integers each 
were found. 

14. Prove that 
(a) Any odd perfect number n can be represented in the form n = pa’, where p is a 

prime. 
(b) If n = pa? is an odd perfect number, then n = p (mod 8). 

15. If n is an odd perfect number, prove that n has at least three distinct prime factors. 
[Hint: Assume that n = p*q*/, where p =k =1 (mod 4). Use the inequality 2 = 
a(n)/n < [p/(p — I]l¢/(¢ — 1)] to reach a contradiction. | 

16. If the integer n > 1 is a product of distinct Mersenne primes, show that o(n) = 2* for 
some k. 


11.4 FERMAT NUMBERS 


To round out the picture, let us mention another class of numbers that provides 
a rich source of conjectures, the Fermat numbers. These may be considered as a 
special case of the integers of the form 2” + 1. We observe that if 2” + 1 is an 
odd prime, then m = 2” for some 1 > 0. Assume to the contrary that m had an 
odd divisor 2k + 1 > 1,saym = (2k + 1)r; then 2” + 1 would admit the nontrivial 
factorization 


Qm4 {= (2k+1)r 4]= (ye 4] 
= Cr ake 1)(274r = 9(2k—Dr il acl Q2r a Dea 1) 


which is impossible. In brief, 2” + 1 can be prime only if m is a power of 2. 


Definition 11.2. A Fermat number is an integer of the form 
F,=27 +1 n>=0 
If F,, 18 prime, it is said to be a Fermat prime. 


Fermat, whose mathematical intuition was usually reliable, observed that all the 
integers 


a 
[ 
oe) 
yy 
[ 
Cn 


fy = 17 F3 = 257 F4 = 65537 
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are primes and expressed his belief that F,, is prime for each value of n. In writing 
to Mersenne, he confidently announced: “I have found that numbers of the form 
27" + 1 are always prime numbers and have long since signified to analysts the truth 
of this theorem.”’ However, Fermat bemoaned his inability to come up with a proof 
and, in subsequent letters, his tone of growing exasperation suggests that he was 
continually trying to do so. The question was resolved negatively by Euler in 1732 
when he found 


Fs = 2? +1 = 4294967297 


to be divisible by 641. To us, such a number does not seem very large; but in Fermat’s 
time, the investigation of its primality was difficult, and obviously he did not carry 
it out. 

The following elementary proof that 641 | F5 does not explicitly involve division 
and is due to G. Bennett. 


Theorem 11.8. The Fermat number Fs is divisible by 641. 


Proof. We begin by putting a = 2’ and b = 5, so that 
l+ab=1+42'.5=641 
It is easily seen that 
ltab—b'=14+(a—b)b=14+3b=2% 
But this implies that 
Fs =2?41=2%41 

= 2*q*+1 

=(1+ab—b*)a* +1 

= (1 + ab)a* + (1 — a*b*) 

= (1 + ab)[a* + (1 — ab)(1 +. ab’)] 
which gives 641 | Fy. 


To this day it is not known whether there are infinitely many Fermat primes 
or, for that matter, whether there is at least one Fermat prime beyond F4. The best 
“guess” is that all Fermat numbers F,, > F4 are composite. 

Part of the interest in Fermat primes stems from the discovery that they have a 
remarkable connection with the ancient problem of determining all regular polygons 
that can be constructed with ruler and compass alone (where the former is used only 
to draw straight lines and the latter only to draw arcs). In the seventh and last section 
of the Disquisitiones Arithmeticae, Gauss proved that a regular polygon of n sides 
is so constructible if and only if either 


n= 2* or n = 2" pi po--+ Py 


where k > O and pj, p2,..., py are distinct Fermat primes. The construction of 
regular polygons of 2", 2* . 3, 2* . 5 and 2* - 15 sides had been known since the time 
of the Greek geometers. In particular, they could construct regular n-sided polygons 
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for n = 3, 4,5, 6, 8, 10, 12, 15, and 16. What no one suspected before Gauss was 
that a regular 17-sided polygon can also be constructed by ruler and compass. Gauss 
was so proud of his discovery that he requested that a regular polygon of 17 sides be 
engraved on his tombstone; for some reason, this wish was never fulfilled, but such 
a polygon is inscribed on the side of a monument to Gauss erected in Brunswick, 
Germany, his birthplace. 

A useful property of Fermat numbers is that they are relatively prime to each 
other. 


Theorem 11.9. For Fermat numbers F,, and F,,,, where m > n > 0, gcd( Pi, , Fy) = 1. 


Proof. Put d = gcd(F,, , F,). Because Fermat numbers are odd integers, d must be 
odd. If we set x = 2*" and k = 2”~”, then 


F., _ 9) 7 (2?" aaa _ | 
| a | 


ie 
x+1 


whence F,, | (F,, — 2). From d | F,, it follows that d|(F,, — 2). Now use the fact that 
d|F, to obtain d|2. But d is an odd integer, and so d = 1, establishing the result 
claimed. 


This leads to a pleasant little proof of the infinitude of primes. We know that 
each of the Fermat numbers Fo, F\,..., F, 1s divisible by a prime that, according 
to Theorem 11.9, does not divide any of the other F;. Thus, there are at least n + 1 
distinct primes not exceeding F,,. Because there are infinitely many Fermat numbers, 
the number of primes is also infinite. 

In 1877, the Jesuit priest T. Pepin devised the practical test (Pepin’s test) for 
determining the primality of F,, that is embodied in the following theorem. 


Theorem 11.10 Pepin’s test. For > 1, the Fermat number F,, = 22 te ig prime 
if and only if 


3(fn—-D/2 = _] (mod F,) 


Proof. First let us assume that 
3% —D/2 = _] (mod Fy) 
Upon squaring both sides, we get 
3*-! = 1 (mod F,) 
The same congruence holds for any prime p that divides F,: 
3fn—! = | (mod p) 


Now let k be the order of 3 modulo p. Theorem 8.1 indicates that k | Ff, — 1, or in other 
words, that k | 2”"; therefore k must be a power of 2. 
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It is not possible that k = 2” for any r < 2” — 1. For if this were so, repeated 
squaring of the congruence 3* = 1 (mod p) would yield 


ge" =] (mod p) 
or, what is the same thing, 
3(Fn—D/2 = | (mod P) 


We would then arrive at 1 = —1 (mod p), resulting in p = 2, which is a contradiction. 
Thus the only possibility open to us is that 
k=2* =F,-1 


Fermat’s theorem tells us now that k < p—1, which means, in turn, that F, = 
k +1 < p. Because p| F,, we also have p < F,,. Together these inequalities mean 
that fF, = p, so that F, is a prime. 

On the other hand, suppose that F,,, n > 1, is prime. The Quadratic Reciprocity 
Law gives 


(3/Fn) = (Fn/3) = (2/3) = -1 
when we use the fact that F, = (—1)*" + 1 = 2 (mod 3). Applying Euler’s Criterion, 


we end up with 


3(fn—-D/2 — _] (mod F,) 


Let us demonstrate the primality of Ff; = 257 using Pepin’s test. Working mod- 
ulo 257, we have 
3(Fs-D/2 — 3128 — 33(35y25 
= 27(-14)” 
= 27. 14*4(-14) 
= 27(17)(- 14) 
= 27-19 = 513 = —1 (mod 257) 
so that F3 is prime. 
We have already observed that Euler proved the Fermat number F’5 to be com- 


posite, with the factorization F; = 2°? + 1 = 641 - 6700417. As for Fe, in 1880, 
F. Landry announced that 


fe = 24 + ] 
= 274177 - 67280421310721 


This accomplishment is all the more remarkable when we consider that Landry 
was 82 years old at the time. Landry never published an account of his work on 
factoring F¢, but it is unlikely that he resorted to the process of trial division; for, 
several years earlier, he had estimated that any attempt to show the primality of F¢ 
by testing numbers of the form 128k + 1 could take up to 3000 years. 

In 1905, J. C. Morehead and A. E. Western independently performed Pepin’s 
test on F7 and communicated its composite character almost simultaneously. It took 
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66 years, until 1971, before Brillhart and Morrison discovered the prime factorization 


F; = 7128 x | 
= 59649589127497217 - 5704689200685 129054721 


(The possibility of arriving at such a factorization without recourse to fast computers 
with large memories is remote.) Morehead and Western carried out (in 1909) a 
similar calculation for the compositeness of Fg, each doing half the work; but the 
actual factors were not found until 1980, when Brent and Pollard showed the smallest 
prime divisor of Fs to be 


1238926361552897 


The other factor of Fg is 62 digits long, and shortly afterward was shown to be prime. 
A large F,, to which Pepin’s test has been applied is /)4, a number of 4933 digits; 
this Fermat number was determined to be composite by Selfridge and Hurwitz in 
1963, although at present no divisor is known. 

Our final theorem, due to Euler and Lucas, is a valuable aid in determining the 
divisors of Fermat numbers. As early as 1747, Euler established that every prime 
factor of F,, must be of the form k - 27+! + 1; over 100 years later, in 1879, the French 
number theorist Edouard Lucas improved upon this result by showing that & can be 
taken to be even. From this, we have the following theorem. 


Theorem 11.11. Any prime divisor p of the Fermat number F,, = 27° + 1, where 
n > 2, is of the form p = k-2”*? + 1. 
Proof. For a prime divisor p of Fy, 

27" = —1 (modp) 
which is to say, upon squaring, that 

22""" = 1 (mod p) 
If h is the order of 2 modulo p, this congruence tells us that 

h\2r+! 

We cannot have h = 2’ where 1 <r <n, for this would lead to 

2?" = 1 (mod p) 


and, in turn, to the contradiction that p = 2. This lets us conclude that h = Dh: 
Because the order of 2 modulo p divides ¢(p) = p — 1, we may further conclude that 
2"*1 | » — 1. The point is that for n > 2, p = 1 (mod 8), and therefore, by Theorem 
9.6, the Legendre symbol (2/p) = 1. Using Euler’s criterion, we immediately pass to 


2D? = (2/p) = 1 (mod p) 


An appeal to Theorem 8.1 finishes the proof; it asserts that h | (p — 1)/2, or equivalently, 
2"*1 | (p — 1)/2. This forces 2”*? | p — 1, and we obtain p = k - 2"** + 1 for some 
integer k. 
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Theorem 11.11 enables us to determine quickly the nature of Fy = 2'°+ 1 = 
65537. The prime divisors of Fy must take the form 2°k + 1 = 64k + 1. There is 
only one prime of this kind that is less than or equal to / F'4, namely, the prime 193. 
Because this trial divisor fails to be a factor of F4, we may conclude that F% is itself 
a prime. 

The increasing power and availability of computing equipment has allowed the 
search for prime factors of the Fermat numbers to be extended significantly. For 
example, the first prime factor of Fy3 was found in 1997. It is now known that F,, 
is composite for 5 < n < 30, and for some 140 additional values of n. The largest 
composite Fermat number found to date is F3939gg, with divisor 3 - 2°°7°93 + 1, 

The complete prime factorization of F,, has been obtained for 5 < n < 11 and 
no other n. After the factorization of Fg, it was little suspected that /,,, 629 digits 
long, would be the next Fermat number to be completely factored; but this was 
carried out by Brent and Morain in 1988. The factorization of the 155-digit Fo by 
the joint efforts of Lenstra, Manasse, and Pollard in 1990 was noteworthy for having 
employed approximately 700 workstations at various locations around the world. 
The complete factorization took about 4 months. Not long thereafter (1996), Brent 
determined the remaining two prime factors of the 310-digit Fj9. The reason for 
arriving at the factorization of F,; before that of Fo and Fi9 was that size of the 
second-largest prime factor of /; made the calculations much easier. The second- 
largest prime factor of Fj; contains 22 digits, whereas those of Fo and Fo have 
lengths of 49 and 40 digits, respectively. 

The enormous F3,, with a decimal expansion of over 600 million digits, was 
proved to be composite in 2001. It was computationally fortunate that F3, had a 
prime factor of only 23 digits. For F33, the challenge remains: it is the smallest 
Fermat number whose character is in doubt. Considering that 33 has more than two 
trillion digits, the matter may not be settled for some time. 

A resume of the current primality status for the Fermat numbers F;,, where 
0 <n < 33, 1s given below. 


n Character of F,, 
(0 al Pees er prime 
5, 6, 7, 8, 9, 10, 11 completely factored 
12, 13, 15, 16, 18, 19, 25, 27, 30 two or more prime factors known 
17.21, 23; 26; 28,.29,.31,32 only one prime factor known 
14, 20, 22, 24 composite, but no factor known 
33 character unknown 


The case for F'16 was settled in 1953 and lays to rest the tantalizing conjecture 
that all the terms of the sequence 


2 22 
p(s oe | Us ae ey Wo cae ey ae 
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are prime numbers. What is interesting is that none of the known prime factors p of 
a Fermat number F,, gives rise to a square factor p7; indeed, it is speculated that the 
Fermat numbers are square-free. This is in contrast to the Mersenne numbers where, 
for example, 9 divides Mg,,. 

Numbers of the form k - 2” + 1, which occur in the search for prime factors of 
Fermat numbers, are of considerable interest in their own right. The smallest n for 
which k - 2” + | is prime may be quite large in some cases; for instance, the first 
time 47-2” + | is prime is when n = 583. But there also exist values of k such 
that k - 2” + | is always composite. Indeed, in 1960 it was proved that there exist 
infinitely many odd integers k with k - 2” + | composite for all n > 1. The problem 
of determining the least such value of & remains unsolved. Up to now, k = 78557 is 
the smallest known k for which k - 2” + | is never prime for any n. 


PROBLEMS 11.4 


1. By taking fourth powers of the congruence 5 - 2’ = —1 (mod 641), deduce that 2** + 1 = 
0 (mod 641); hence, 641 | Fs. 

2. Gauss (1796) discovered that a regular polygon with p sides, where p is a prime, can be 
constructed with ruler and compass if and only if p — | is a power of 2. Show that this 
condition is equivalent to requiring that p be a Fermat prime. 

3. For n > O, prove the following: 

(a) There are infinitely many composite numbers of the form 27 + 3. 
(Hint: Use the fact that 27” = 3k + 1 for some k to establish that 7 | 27 
(b) Each of the numbers 27° + 5 is composite. 

4. Composite integers n for which n| 2” — 2 are called pseudoprimes. Show that every 

Fermat number F,, 1s either a prime or a pseudoprime. 
(Hint: Raise the congruence 27, = —1 (mod F,,) to the 2”'~" power. | 

5. For n > 2, show that the last digit of the Fermat number F,, = 2” + | is 7. 
[Hint: By induction on n, verify that 2°" = 6(mod 10) forn > 2.] 

6. Establish that 27° — | has at least n distinct prime divisors. 

(Hint: Use induction on n and the fact that 


2n+] 


aoe 


Neo SiO =] 


7. In 1869, Landry wrote: “No one of our numerous factorizations of the numbers 2” + | 
gave us as much trouble and labor as that of 2°° + 1.” Verify that 2°° + 1 can be factored 
rather easily using the identity 


A ea Oe DOr Sore) 


8. From Problem 5, conclude the following: 
(a) The Fermat number F,, 1s never a perfect square. 
(b) Forn > O, F, is never a triangular number. 
9. (a) For any odd integer 1, show that 3 | 2” + 1. 
(b) Prove that if p and g are both odd primes and g|2’” + 1, then either g = 3 or 
gq = 2kp + 1 for some integer k. 
(Hint: Because 27” = | (mod q), the order of 2 modulo g is either 2 or 2/p; in the 
latter case, 2p | b(q).] 
(c) Find the smallest prime divisor g > 3 of each of the integers 27? + | and 27! + 1. 


10. 


11. 
12. 


13. 


14. 


15. 


16. 
17. 


18. 


19. 


20. 
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Determine the smallest odd integer n > | such that 2” — I 1s divisible by a pair of twin 
primes p and g, where 3 < p < gd. 
[Hint: Being the first member of a pair of twin primes, p = —1 (mod 6). Because (2/ p) = 
(2/q) = 1, Theorem 9.6 gives p = g = +1 (mod 8); hence, p = —1 (mod 24) and g = 
| (mod 24). Now use the fact that the orders of 2 modulo p and g must divide n.| 
Find all prime numbers p such that p divides 2” + 1; do the same for 2” — I. 
Let p =3-2”"-+ 1 bea prime, where n > |. (Twenty-nine primes of this form are cur- 
rently known, the smallest occurring when n = | and the largest when n = 303093.) 
Prove each of the following assertions: 
(a) The order of 2 modulo p is either 3, 2‘ or 3 - 2 for some 0 < k <n. 
(b) Except when p = 13, 2 is not a primitive root of p. 
(Hint: If 2 is a primitive root of p, then (2/p) = —1.] 
(c) The order of 2 modulo p is not divisible by 3 if and only if p divides a Fermat number 
FowithO<k<n-—l. 
(Hint: Use the identity 27 —1 = FoF| Fo... Fe—.] 
(d) There is no Fermat number that is divisible by 7, 13, or 97. 
For any Fermat number F,, = 2*" + 1 with n > 0, establish that F, = 5 or 8 (mod 9) 
according as 7 1s odd or even. 
(Hint: Use induction to show, first, that 27, = ia (mod 9) forn > 3.] 
Use the fact that the prime divisors of F5 are of the form 2’/k + 1 = 128k + 1 to confirm 
that 641 | Fs. 
For any prime p > 3, prove the following: 
(a) +(2” + 1) is not divisible by 3. 
[Hint: Consider the identity 


oY 
2d 


(b) +(2? + 1) has a prime divisor greater than p. 
[Hint: Problem 9(b). | 
(c) The integers 7(2)° + 1) and 4(2*? + 1) are both prime. 
From the previous problem, deduce that there are infinitely many prime numbers. 
(a) Prove that 3,5, and 7 are quadratic nonresidues of any Fermat prime F,,, where > 2. 
[Hint: Pepin’s test and Problem 15, Section 9.3.] 
(b) Show that every quadratic nonresidue of a Fermat prime F,, is a primitive root of F;,. 
Establish that any Fermat prime F,, can be written as the difference of two squares, but 
not of two cubes. 
[ Hint: 


ey | ae) eae eer) os 


F, = 92" a = ar! 4 1) _ Cue a 


For n > 1, show that gcd(F;, ,n) = 1. 

[Hint: Theorem 11.11.] 

Use Theorems 11.9 and 11.11 to deduce that there are infinitely many primes of the form 
Ak +1. 


CHAPTER 


CERTAIN NONLINEAR 
DIOPHANTINE EQUATIONS 


He who seeks for methods without having a definite problem in mind seeks for 
the most part in vain. 
D. HILBERT 


12.1 THE EQUATION x? + y? = 2? 


Fermat, whom many regard as a father of modern number theory, nevertheless, hada 
custom peculiarly ill-suited to this role. He published very little personally, preferring 
to communicate his discoveries in letters to friends (usually with no more than the 
terse statement that he possessed a proof) or to keep them to himself in notes. 
A number of such notes were jotted down in the margin of his copy of Bachet’s 
translation of Diophantus’s Arithmetica. By far the most famous of these marginal 
comments is the one—presumably written about 1637—which states: 


It is impossible to write a cube as a sum of two cubes, a fourth power as a sum of two 
fourth powers, and, in general, any power beyond the second as a sum of two similar 
powers. For this, I have discovered a truly wonderful proof, but the margin is too small 
to contain it. 


In this tantalizing aside, Fermat was simply asserting that, if n > 2, then the Dio- 
phantine equation 


n 


x"+y"=z 
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has no solution in the integers, other than the trivial solutions in which at least one 
of the variables is zero. 

The quotation just cited has come to be known as Fermat’s Last Theorem or, 
more accurately, Fermat’s conjecture. By the 1800s, all the assertions appearing in the 
margin of his Arithmetica had either been proved or refuted—with the one exception 
of the Last Theorem (hence the name). The claim has fascinated many generations of 
mathematicians, professional and amateur alike, because it is so simple to understand 
yet so difficult to establish. If Fermat really did have a “truly wonderful proof,” it 
has never come to light. Whatever demonstration he thought he possessed very 
likely contained a flaw. Indeed, Fermat himself may have subsequently discovered 
the error, for there is no reference to the proof in his correspondence with other 
mathematicians. 

Fermat did, however, leave a proof of his Last Theorem for the case n = 4. To 
carry through the argument, we first undertake the task of identifying all solutions 
in the positive integers of the equation 


Pepa? (1) 
Because the length z of the hypotenuse of a right triangle is related to the lengths 
x and y of the sides by the famous Pythagorean equation x” + y* = z’, the search 
for all positive integers that satisfy Eq. (1) is equivalent to the problem of finding all 
right triangles with sides of integral length. The latter problem was raised in the days 


of the Babylonians and was a favorite with the ancient Greek geometers. Pythagoras 
himself has been credited with a formula for infinitely many such triangles, namely, 


x=2n+1 y=2n*+2n  2z=2n*+2n+1 


where n is an arbitrary positive integer. This formula does not account for all right 
triangles with integral sides, and it was not until Euclid wrote his Elements that a 
complete solution to the problem appeared. 

The following definition gives us a concise way of referring to the solutions of 


Eq. (1). 


Definition 12.1. A Pythagorean triple is a set of three integers x, y, z such that 
x* + y? = 2’; the triple is said to be primitive if gcd(x , y, z) = 1. 


Perhaps the best-known examples of primitive Pythagorean triples are 3, 4, 5 
and 5, 12, 13, whereas a less obvious one is 12, 35, 37. 

There are several points that need to be noted. Suppose that x, y, z is any 
Pythagorean triple and d = gcd(x, y, z). If we write x = dx;, y=dy,,z= dz, 
then it is easily seen that 


ae ae 


d? d? 
with gcd(x,, yj, Z1) = 1. In short, x;, yj, z,; form a primitive Pythagorean triple. 
Thus, it is enough to occupy ourselves with finding all primitive Pythagorean triples; 
any Pythagorean triple can be obtained from a primitive one upon multiplying by a 
suitable nonzero integer. The search may be confined to those primitive Pythagorean 


DS Gia? 2 
Ay ae Y= =a 
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triples x, y, z in which x > 0, y > 0, z > O, inasmuch as all others arise from the 
positive ones through a simple change of sign. 

Our development requires two preparatory lemmas, the first of which sets forth 
a basic fact regarding primitive Pythagorean triples. 


Lemma 1. If x, y, z is a primitive Pythagorean triple, then one of the integers x or y 
is even, while the other is odd. 


Proof. If x and y are both even, then 2 | (x? + y) or 2| z’, so that 2 | z. The inference 
is that gcd(x , y, z) > 2, which we know to be false. If, on the other hand, x and y 
should both be odd, then x? = 1 (mod 4) and y* = 1 (mod 4), leading to 


2 =x? + y* =2 (mod 4) 


But this is equally impossible, because the square of any integer must be congruent 
either to O or to 1 modulo 4. 


Given a primitive Pythagorean triple x, y, z, exactly one of these integers is 
even, the other two being odd (if x, y, z were all odd, then x* + y* would be even, 
whereas z” is odd). The foregoing lemma indicates that the even integer is either x 
or y; to be definite, we shall hereafter write our Pythagorean triples so that x 1s even 
and y is odd; then, of course, z 1s odd. 

It is worth noticing (and we will use this fact) that each pair of the integers x, y, 
and z must be relatively prime. Were it the case that gcd(x , y) = d > 1, then there 
would exist a prime p with p|d. Because d |x and d|y, we would have p |x and 
p|y, whence p|x* and p| y?. But then p|(x? + y’), or p|z7, giving p|z. This 
would conflict with the assumption that gcd(x, y, z) = 1, and so d = 1. In like 
manner, one can verify that gcd(y , z) = gcd(x, z) = 1. 

By virtue of Lemma 1, there exists no primitive Pythagorean triple x, y, z all of 
whose values are prime numbers. There are primitive Pythagorean triples in which 
z and one of x or y is a prime; for instance, 3, 4, 5; 11, 60, 61; and 19, 180, 181. It 
is unknown whether there exist infinitely many such triples. 

The next hurdle that stands in our way is to establish that if a and D are relatively 
prime positive integers having a square as their product, then a and b are themselves 
squares. With an assist from the Fundamental Theorem of Arithmetic, we can prove 
considerably more, to wit, Lemma 2. 


Lemma 2. If ab = c”, where gcd(a, b) = 1, then a and b are nth powers; that is, 
there exist positive integers a,, b, for whicha = a}, b = bj. 


Proof. There is no harm in assuming thata > 1 and b > 1. If 


k, eae 


a = pi py --- p® b=qj'qz ---qt 


are the prime factorizations of a and b, then, bearing in mind that gcd(a, b) = 1, no 
p; can occur among the q;. As a result, the prime factorization of ab is given by 


k ee | j 
a= pap ge. gh 
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Let us suppose that c can be factored into primes asc = u' ue vee ui . Then the condition 


ab = c" becomes 


k Eo ;, nl ip 

Py eve De qi. ---qi =U," “Uy 
From this we see that the primes u;,..., u; are Pj, .-.., Pr, G1, ---5 Gs (in some order) 
and nl,,..., nl, are the corresponding exponents k,,...,k;, j1,..., Js. The conclu- 


sion: Each of the integers k; and j; must be divisible by n. If we now put 


ky /n __k2/ k,/ 
"Dy oe p n 


ai = Pp; r 
b i gigs za .gil® 


then aj =a, b} = b, as desired. 


With the routine work now out of the way, the characterization of all primitive 


Pythagorean triples is fairly straightforward. 


Theorem 12.1. All the solutions of the Pythagorean equation 
P+yar 
satisfying the conditions 
ecd(x, y, = 1 21% x>0,y>0,z>0 
are given by the formulas 
x= 251 i a ee oe 
for integers s > t > O such that gcd(s , t) = 1 and s € t (mod 2). 
Proof. To start, let x, y, z be a (positive) primitive Pythagorean triple. Because we 


have agreed to take x even, and y and z both odd, z — y and z+ y are even integers; 
say, Z— y = 2u andz+ y = 2v. Now the equation x? + y* = z? may be rewritten as 


xa 2?—y?=(z—yizt+y) 


8 <(P)CP)-» 


Notice that u and v are relatively prime; indeed, if gcd(u , v) = d > 1, thend | (u — v) 
and d | (u + v), or equivalently, d | y and d | z, which violates the fact that gcd(y , z) = 
1. Taking Lemma 2 into consideration, we may conclude that u and v are each perfect 
squares; to be specific, let 


whence 


where s and ¢ are positive integers. The result of substituting these values of u and v 
reads 

z=vtuss*+r 

y=v—-u=s*-?t* 


x? = 4vu = 4371? 
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or, in the last case x = 2st. Because a common factor of s and t divides both y and z, 
the condition gcd(y , z) = 1 forces gcd(s , t) = 1. It remains for us to observe that if 
s and t were both even, or both odd, then this would make each of y and z even, which 
is an impossibility. Hence, exactly one of the pair s, t is even, and the other is odd; in 
symbols, s # t (mod 2). 

Conversely, let s and t be two integers subject to the conditions described before. 
That x = 2st, y =s* —t?, z=s?+127 form a Pythagorean triple follows from the 
easily verified identity 


x2 a y? = (2st)? ae (s? = iy i (s? ae t?)? = 2 


To see that this triple is primitive, we assume that gcd(x , y, z) =d > 1 and take p to 
be any prime divisor of d. Observe that p 4 2, because p divides the odd integer z (one 
of s and t is odd, and the other is even, hence, s* + t* = z must be odd). From p| y 
and p|z, we obtain p|(z+ y) and p|(z—y), or put otherwise, p|2s* and p| 2r’. 
But then p|s and p|t, which is incompatible with gcd(s , t) = 1. The implication of 
all this is that d = 1 and so x, y, z constitutes a primitive Pythagorean triple. Theorem 
12.1 is thus proven. 


The table below lists some primitive Pythagorean triples arising from small 
values of s and t. For each value of s = 2, 3,..., 7, we have taken those values of ft 
that are relatively prime to s, less than s, and even whenever s is odd. 


x y z 
s t (2st) (s? — £7) (s? + 17) 
2 1 4 3 5 
3 2. 12 5 13 
4 1 8 15 17 
4 3 24 fj 25 
5 2 20 21 29 
5 4 40 9 41 
6 1 12 35 37 
6 5 60 11 61 
7 2 28 45 53 
7 4 56 33 65 
7 6 84 13 85 


From this, or from a more extensive table, the reader might be led to suspect 
that if x, y, z is a primitive Pythagorean triple, then exactly one of the integers x or 
y is divisible by 3. This is, in fact, the case. For, by Theorem 12.1, we have 


C=281 y=s°-f? zg=s*t+r 


where gcd(s , t) = 1. If either 3| 5 or 3|t, then evidently 3 |x, and we need go no 
further. Suppose that 3 / s and3 / t. Fermat’s theorem asserts that 


r= (mod 3) =] (mod 3) 
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and so 
= s* —t* = 0 (mod 3) 


In other words, y is divisible by 3, which is what we were required to show. 

Let us define a Pythagorean triangle to be a right triangle whose sides are 
of integral length. Our findings lead to an interesting geometric fact concerning 
Pythagorean triangles, recorded as Theorem 12.2. 


Theorem 12.2. The radius of the inscribed circle of a Pythagorean triangle is always 
an integer. 


Proof. Letr denote the radius of the circle inscribed in a right triangle with hypotenuse 
of length z and sides of lengths x and y. The area of the triangle is equal to the sum of 
the areas of the three triangles having common vertex at the center of the circle; hence, 

1 


1 1 1 | 
ma = re + ribaes Rr = ae +y+2Z) 


The situation is illustrated below: 


Now x” + y” = z?. But we know that the positive integral solutions of this equation 
are given by : 


x = 2kst ve ks-1-) z=k(s? +t’) 
for an appropriate choice of positive integers k, s, t. Replacing x, y, z in the equation 
xy =r(x + y + z) by these values and solving for r, it will be found that 
2k*st(s* — t?) 
| 7 an 
k(2st + s? —t? +52 4+ 1?) 
_ kt(s* — 1?) 
— g4+t 
= kt(s — ft) 


which is an integer. 


We take the opportunity to mention another result relating to Pythagorean tri- 
angles. Notice that it is possible for different Pythagorean triangles to have the same 
area; for instance, the right triangles associated with the primitive Pythagorean triples 
20, 21, 29 and 12, 35, 37 each have an area equal to 210. Fermat proved: For any 
integer n > 1, there exist n Pythagorean triangles with different hypotenuses and 
the same area. The details of this are omitted. 
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PROBLEMS 12.1 


1. 


10. 


11. 


12. 


(a) Find three different Pythagorean triples, not necessarily primitive, of the form 
16, y, Zz. 

(b) Obtain all primitive Pythagorean triples x, y, z in which x = 40; do the same for 
x = 60. 


. If x, y, z iS a primitive Pythagorean triple, prove that x + y and x — y are congruent 


modulo 8 to either | or 7. 


. (a) Prove that if n 4 2 (mod 4), then there is a primitive Pythagorean triple x, y, z in 


which x or y equals n. 

(b) Ifn > 3 is arbitrary, find a Pythagorean triple (not necessarily primitive) having n as 
one of its members. 
[Hint: Assuming n is odd, consider the triple n, +(n? — ]), 5 (n? + 1); for n even, 
consider the triple n, (n?/4) — 1, (n?/4) + 1.] 


. Prove that in a primitive Pythagorean triple x, y, z, the product xy is divisible by 12, 


hence 60 | xyz. 


. For a given positive integer n, show that there are at least n Pythagorean triples having 


the same first member. 
[Hint: Let y, = 2*(27"-7* — 1) and z, = 2*(22"-7* 4 1) fork = 0,1,2,...,n —1.Then 
2"+1 yn, Z% are all Pythagorean triples. ] 


. Verify that 3, 4, 5 is the only primitive Pythagorean triple involving consecutive positive 


integers. 


. Show that 3n, 4n, 5n where n = 1, 2,... are the only Pythagorean triples whose terms 


are in arithmetic progression. 
[Hint: Call the triple in question x — d, x, x + d, and solve for x in terms of d.] 


. Find all Pythagorean triangles whose areas are equal to their perimeters. 


[Hint: The equations x?+y%?=z*andx+y+z= sxy imply that (x — 4)(y — 4) = 8.] 


. (a) Prove that if x, y, z is a primitive Pythagorean triple in which x and z are consecutive 


positive integers, then 
x = 2t(t +1) y=2t+1 z=2tt+1)4+1 


for some t > 0. 
(Hint: The equation 1 = z —x = s* + t* — 2st implies that s —t = 1.] 

(b) Prove that if x, y, zis a primitive Pythagorean triple in which the difference z — y = 2, 
then 


x=2t y=f-1 z=??+1 


for some t > 1. 
Show that there exist infinitely many primitive Pythagorean triples x, y, z whose even 
member x is a perfect square. 
(Hint: Consider the triple 4n”, n* — 4, n* +. 4, where n is an arbitrary odd integer.] 
For an arbitrary positive integer n, show that there exists a Pythagorean triangle the radius 
of whose inscribed circle is n. 
[Hint: If r denotes the radius of the circle inscribed in the Pythagorean triangle having 
sides a and b and hypotenuse c, then r = $(a + b —c). Now consider the triple 2n + 1, 
2n* + 2n, 2n* + 2n + 1.] 
(a) Establish that there exist infinitely many primitive Pythagorean triples x, y, z in 
which x and y are consecutive positive integers. Exhibit five of these. 
[Hint: If x, x + 1, z forms a Pythagorean triple, then so does the triple 3x + 2z + 1, 
3x + 2z+ 2,4x +3z4+2.] 
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(b) Show that there exist infinitely many Pythagorean triples x, y, z in which x and y 
are consecutive triangular numbers. Exhibit three of these. 
[Hint: If x, x + 1, z forms a Pythagorean triple, then so does f9,, fox41, (2x + 1)z.] 
13. Use Problem 12 to prove that there exist infinitely many triangular numbers that are 
perfect squares. Exhibit five such triangular numbers. 
[Hint: If x, x +1, z forms a Pythagorean triple, then upon setting vu =z—x—l,v= 
x + 5(1 — 2), one obtains u(u + 1)/2 = v?.] 


12.2 FERMAT’S LAST THEOREM 


With our knowledge of Pythagorean triples, we are now prepared to take up the 
one case in which Fermat himself had a proof of his conjecture, the case n = 4. 
The technique used in the proof is a form of induction sometimes called “Fermat’s 
method of infinite descent.” In brief, the method may be described as follows: It is 
assumed that a solution of the problem in question is possible in the positive integers. 
From this solution, one constructs a new solution in smaller positive integers, which 
then leads to a still smaller solution, and so on. Because the positive integers cannot 
be decreased in magnitude indefinitely, it follows that the initial assumption must 
be false and therefore no solution is possible. 

Instead of giving a proof of the Fermat conjecture for n = 4, it turns out to be 
easier to establish a fact that is slightly stronger, namely, the impossibility of solving 
the equation x* + y* = 2” in the positive integers. 


Theorem 12.3 Fermat. The Diophantine equation x4* + y* = z” has no solution in 
positive integers x, y, Zz. : 


Proof. With the idea of deriving a contradiction, let us assume that there exists a 
positive solution x9, yo, zo of x4 + y* = z’. Nothing is lost in supposing also that 
gcd(xo, yo) = 1; otherwise, put gcd(xo, yo) = d, x» = dx1, yo = dy, Zo = d*z to 
get x + y? = 2 with gcd(x,, y) = 1. 
Expressing the supposed equation xj + yj = z2 in the form 
(x9)" + 0)" = 20 


we see that xé, yo, zo meet all the requirements of a primitive Pythagorean triple, and 
therefore Theorem 12.1 can be brought into play. In such triples, one of the integers 
x@ or yg is necessarily even, whereas the other is odd. Taking x6 (and hence x9) to be 
even, there exist relatively prime integers s > t > O satisfying 


x, = 281 
yeast? 
zo = 57 +0? 
where exactly one of s and ¢ is even. If it happens that s is even, then we have 
l=yi =s?-1? =0-—1=3 (mod 4) 


which is an impossibility. Therefore, s must be the odd integer and, in consequence, 
t is the even one. Let us put ¢ = 2r. Then the equation x6 = 2st becomes x6 = 4sr, 
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which says that 


a) 
= 57 
2 
But Lemma 2 asserts that the product of two relatively prime integers [note that 
gcd(s , t) = 1 implies that gcd(s, r) = 1] is a square only if each of the integers 
itself is a square; hence, s = z*, r = w? for positive integers z,, w1. 
We wish to apply Theorem 12.1 again, this time to the equation 

t+ yo = 8° 
Because gcd(s , t) = 1, it follows that gcd(t , yo, s) = 1, making f, yo, s a primitive 
Pythagorean triple. With t even, we obtain 

t = 2uv 

JOS bo 

s=u’+yv? 


for relatively prime integers u > v > 0. Now the relation 


signifies that u and v are both squares (Lemma 2 serves its purpose once more); say, 
u = x? andv = y?. When these values are substituted into the equation for s, the result 
iS 


qessutve=xtyy 
A crucial point is that, z, and t being positive, we also have the inequality 


2 


O<zy<zi=s<s <s* +1? = 2 


What has happened is this. Starting with one solution xo, yo, zo of x* + y* = z?, 
we have constructed another solution x;, y,, z; such that 0 < z; < zg. Repeating the 
whole argument, our second solution would lead to a third solution x2, y2, z2 with 
O < z2 < z,, which, in turn, gives rise to a fourth. This process can be carried out as 
many times as desired to produce an infinite decreasing sequence of positive integers 


Zo > Z>2Z2>°°: 


Because there is only a finite supply of positive integers less than zg, a contradiction 
occurs. We are forced to conclude that x4 + y* = z? is not solvable in the positive 
integers. 

As an immediate result, one gets the following corollary. 


Corollary. The equation x* + y* = z‘ has no solution in the positive integers. 


Proof. If xo, yo, Zo Were a positive solution of x* + y* = 27, then xo, yo, 26 would 
satisfy the equation x* + y* = z?, in conflict with Theorem 12.3. 


Ifn > 2, then n is either a power of 2 or divisible by an odd prime p. In the first 


case, n = 4k for some k > 1 and the Fermat equation x” + y” = z” can be written 


(x")* + (y*)* = (2*)4 
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We have just seen that this equation is impossible in the positive integers. When 
n = pk, the Fermat equation is the same as 


(x*)? + (y*)P = (2)? 
If it could be shown that the equation u? + v? = w?” has no solution, then, in par- 
ticular, there would be no solution of the form u = x*, v = y*, w = z*; hence, 


x" + y” = z” would not be solvable. Therefore, Fermat’s conjecture reduces to this: 
For no odd prime p does the equation 


xP 4+ yP = 2 


admit a solution in the positive integers. 

Although the problem has challenged the foremost mathematicians of the last 
300 years, their efforts tended to produce partial results and proofs of individual 
cases. Euler gave the first proof of the Fermat conjecture for the prime p = 3 in the 
year 1770; the reasoning was incomplete at one stage, but Legendre later supplied 
the missing steps. Using the method of infinite descent, Dirichlet and Legendre 
independently settled the case p = 5 around 1825. Not long thereafter, in 1839, 
Lamé proved the conjecture for seventh powers. With the increasing complexity 
of the arguments came the realization that a successful resolution of the general 
case called for different techniques. The best hope seemed to lie in extending the 
meaning of “integer” to include a wider class of numbers and, by attacking the 
problem within this enlarged system, obtaining more information than was possible 
by using ordinary integers only. 

The German mathematician Kummer made the major breakthrough. In 1843, he 
submitted to Dirichlet a purported proof of Fermat’s conjecture based upon an ex: 
tension of the integers to include the so-called “algebraic numbers” (that is, complex 
numbers satisfying polynomials with rational coefficients). Having spent consider- 
able time on the problem himself, Dirichlet was immediately able to detect the flaw 
in the reasoning: Kummer had taken for granted that algebraic numbers admit a 
unique factorization similar to that of the ordinary integers, which is not always true. 

But Kummer was undeterred by this perplexing situation and returned to his 
investigations with redoubled effort. To restore unique factorization to the algebraic 
numbers, he was led to invent the concept of ideal numbers. By adjoining these new 
entities to the algebraic numbers, Kummer successfully proved Fermat’s conjecture 
for a large class of primes that he termed regular primes (that this represented an 
enormous achievement is reflected in the fact that the only irregular primes less 
than 100 are 37, 59, and 67). Unfortunately, it is still not known whether there are 
an infinite number of regular primes, whereas in the other direction, Jensen (1915) 
established that there exist infinitely many irregular ones. Almost all the subsequent 
progress on the problem was within the framework suggested by Kummer. 

In 1983, a 29-year-old West German mathematician, Gerd Faltings, proved that 
for each exponent n > 2, the Fermat equation x” + y” = z” can have at most a finite 
number (as opposed to an infinite number) of integral solutions. At first glance, this 
may not seem like much of an advance; but if it could be shown that the finite number 
of solutions was zero in each case, then the Fermat’s conjecture would be laid to rest 
once and for all. 
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Another striking result, established in 1987, was that Fermat’s assertion is true 
for “almost all” values of n; that is, as n increases the percentage of cases in which 
the conjecture could fail approaches zero. 

With the advent of computers, various numerical tests were devised to verify 
Fermat’s conjecture for specific values of n. In 1977, S.S. Wagstaff took over 2 years, 
using computing time on four machines on weekends and holidays, to show that the 
conjecture held for all m < 125000. Since that time, the range of exponents for which 
the result was determined to be true has been extended repeatedly. By 1992, Fermat’s 
conjecture was known to be true for exponents up to 4000000. 

For a moment in the summer of 1993, it appeared that the final breakthrough 
had been made. At the conclusion of 3 days of lectures in Cambridge, England, 
Andrew Wiles of Princeton University stunned his colleagues by announcing that he 
could favorably resolve Fermat’s conjecture. His proposed proof, which had taken 
7 years to prepare, was an artful blend of many sophisticated techniques developed by 
other mathematicians only within the preceding decade. The key insight was to link 
equations of the kind posed by Fermat with the much-studied theory of elliptic curves; 
that is, curves determined by cubic polynomials of the form y? = x? + ax +b, 
where a and b are integers. 

The overall structure and strategy of Wiles’s argument was so compelling that 
mathematicians hailed it as almost certainly correct. But when the immensely com- 
plicated 200-page manuscript was carefully scrutinized for hidden errors, it revealed 
a subtle snag. No one claimed that the flaw was fatal, and bridging the gap was felt 
to be feasible. Over a year later, Wiles provided a corrected, refined, and shorter 
(125-page) version of his original proof to the enthusiastic reviewers. The revised 
argument was seen to be sound, and Fermat’s seemingly simple claim was finally 
settled. 

The failure of Wiles’s initial attempt is not really surprising or unusual in math- 
ematical research. Normally, proposed proofs are privately circulated and examined 
for possible flaws months in advance of any formal announcement. In Wiles’s case, 
the notoriety of one of number theory’s most elusive conjectures brought premature 
publicity and temporary disappointment to the mathematical community. 

To round out our historical digression, we might mention that in 1908 a prize 
of 100,000 marks was bequeathed to the Academy of Science at Goéttingen to be 
paid for the first complete proof of Fermat’s conjecture. The immediate result was 
a deluge of incorrect demonstrations by amateur mathematicians. Because only 
printed solutions were eligible, Fermat’s conjecture is reputed to be the mathemat- 
ical problem for which the greatest number of false proofs have been published; 
indeed, between 1908 and 1912 over 1000 alleged proofs appeared, mostly printed 
as private pamphlets. Suffice it to say, interest declined as the German inflation 
of the 1920s wiped out the monetary value of the prize. (With the introduction of 
the Reichsmark and Deutsche Mark [DM] and after various currency revaluations, 
the award was worth about DM 75,000 or $40,000 when it was presented to Wiles 
in 1997.) 

From x* + y* — z*, we move on to a closely related Diophantine equation, 
namely, x* — y* = z’. The proof of its insolubility parallels that of Theorem 12.3, 
but we give a slight variation in the method of infinite descent. 
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Theorem 12.4 Fermat. The Diophantine equation x+ — y* = z* has no solution in 
positive integers x, y, Z. 


Proof. The proof proceeds by contradiction. Let us assume that the equation admits 
a solution in the positive integers and among these solutions x9, yo, Zo iS one with 
a least value of x; in particular, this supposition forces x9 to be odd (Why?). Were 
gcd(xo, yo) = d > 1, then putting x9 = dx), yo = dy), we would have d4(x} — y}) = 
Za whence d? | zo or zo = d’z for some z; > 0. It follows that x,, yj, Z1 provides a 
solution to the equation under consideration with 0 < x; < x9, which is an impossible 
situation. Thus, we are free to assume a solution x9, yo, Zo in which gcd(xo, yo) = 1. 
The ensuing argument falls into two stages, depending on whether yo is odd or even. 

First, consider the case of an odd integer yo. If the equation xj — yg = 2% is 
written in the form zZ + (ye)? = x6)”, we see that zo, yg, xg constitute a primitive 
Pythagorean triple. Theorem 12.1 asserts the existence of relatively prime integers 
s > t > O for which 


Zi 2S 
yeas??? 
Xe =s*4+fr? 
Thus, it appears that 
444 Dep - 12 ev 
s*—t* = (s* + t°)(s° — 1°) = xp ¥9 = (roy) 


making s, t, xo yo a (positive) solution to the equation x* — y+ = z*. Because 


O<s<vVs24+t? = xp 


we atrive at a contradiction to the minimal nature of xo. 
For the second part of the proof, assume that yo is an even integer. Using the 
formulas for primitive Pythagorean triples, we now write 
ye — AY 
£0 = s? =< t? 
Xe =s? 41? 
where s may be taken to be even and ¢ to be odd. Then, in the relation yo = 2st, we have 
gcd(2s , t) = 1. The now-customary application of Lemma 2 tells us that 2s and t¢ are 
each squares of positive integers; say, 2s = w?, t = v’. Because w must of necessity 
be an even integer, set w = 2u to get s = 2u”. Therefore, 
xp=se te a4ue ty 
and so 2u*, v”, x9 forms a primitive Pythagorean triple. Falling back on Theorem 12.1 
again, there exist integers a > b > O for which 
2u? = 2ab 
ae ele 
xo =a* +b? 
where gcd(a , b) = 1. The equality u* = ab ensures that a and b are perfect squares, 


so that a = c? and b = d’. Knowing this, the rest of the proof is easy; for, upon 
substituting, 


eee ae 2 ee 
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The result is a new solution c, d, v of the given equation x* — y* = z” and what is 
more, a solution in which 


0O<cH=Va<a@74+h =x 


contrary to our assumption regarding Xo. 
The only resolution of these contradictions is that the equation x* — y* = z? 
cannot be satisfied in the positive integers. 


In the margin of his copy of Diophantus’s Arithmetica, Fermat states and proves 
the following: The area of a right triangle with rational sides cannot be the square of 
a rational number. Clearing of fractions, this reduces to a theorem about Pythagorean 
triangles, to wit, Theorem 12.5. 


Theorem 12.5. The area of a Pythagorean triangle can never be equal to a perfect 
(integral) square. 


Proof. Consider a Pythagorean triangle whose hypotenuse has length z and other two 
sides have lengths x and y, so that x* + y? = z*. The area of the triangle in question 
is 5xy, and if this were a square, say uw”, it would follow that 2xy = 4u?. By adding 
and subtracting the last-written equation from x? + y* = z”, we are led to 


(x + yy = 774+ 4? and (x — ye = 77 — Ay” 


When these last two equations are multiplied together, the outcome is that two fourth 
powers have as their difference a square: 


(x2 — y2)? = 74 — 16u4 = 24 — (2uy' 


Because this amounts to an infringement on Theorem 12.4, there can be no Pythagorean 
triangle whose area is a square. 


There are a number of simple problems pertaining to Pythagorean triangles that 
still await solution. The corollary to Theorem 12.3 may be expressed by saying that 
there exists no Pythagorean triangle all the sides of which are squares. However, 
it is not difficult to produce Pythagorean triangles whose sides, if increased by 1, 
are Squares; for instance, the triangles associated with the triples 13 — 1, 107 — 1, 
14? — 1, and 2877 — 1, 265% — 1, 3297 — 1. An obvious—and as yet unanswered— 
question is whether there are an infinite number of such triangles. We can find 
Pythagorean triangles each side of which is a triangular number. [By a triangular 
number, we mean an integer of the form t, = n(n + 1)/2.] An example of such 
is the triangle corresponding to f132, t143, ti64. It is not known if infinitely many 
Pythagorean triangles of this type exist. 

As aclosing comment, we should observe that all the effort expended on attempt- 
ing to prove Fermat’s conjecture has been far from wasted. The new mathematics 
that was developed as a by-product laid the foundations for algebraic number theory 
and the ideal theory of modern abstract algebra. It seems fair to say that the value of 
these far exceeds that of the conjecture itself. 

Another challenge to number theorists, somewhat akin to Fermat’s conjecture, 
concerns the Catalan equation. Consider for the moment the squares and cubes of 
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positive integers in increasing order: 
1,4, 8,9, 16, 25, 27, 36, 49, 64, 81, 100,... 


We notice that 8 and 9 are consecutive integers in this sequence. The medieval 
astronomer Levi ben Gerson (1288-1344) proved that there are no other consecutive 
powers of 2 and 3; to put it another way, he showed that if 3” — 2” = +1, with 
m> 1 andn > 1, then m = 2 and n = 3. In 1738, Euler, using Fermat’s method 
of infinite descent, dealt with the equation x* — y? = +1, proving that x = 2 and 
y = 3. Catalan himself contributed little more to the consecutive-power problem 
than the assertion (1844) that the only solution of the equation x” — y” = | in 
integers x, y, m,n, all greater than 1,ism = y = 2,n = x = 3. This statement, now 
known as Catalan’s conjecture, was proved, in 2002. 

Over the years, the Catalan equation x” — y” = | had been shown to be impos- 
sible of solution for special values of m and n. For example in 1850, V. A. Lebesgue 
proved that x” — y? = |] admits no solution in the positive integers for m 4 3; but, 
it remained until 1964 to show that the more difficult equation x* — y” = 1 is not 
solvable for n 4 3. The cases x? — y? = 1 andx™ — y? = 1, withm 2, were suc- 
cessfully resolved in 1921. The most striking result, obtained by R. Tijdeman in 
1976, is that x” — y” = 1 has only a finite number of solutions, all of which are 
smaller than some computable constant C > 0; that is, x”, y” < C. 

Suppose that Catalan’s equation did have a solution other than 37 — 2? = 1. 
If p and g are primes dividing m and n respectively, then x”/? and y"/4 would 
provide a solution to the equation uv? — v4 = 1. What needed to be shown was that 
this equation was not solvable in integers u, v > 2 and distinct primes p, g => 5. One 
approach called for obtaining explicit bounds on the possible size of the exponents. A 
series of investigations continually sharpened the restrictions until by the year 2000 
it was known that 3 - 108 < p < (7.15)10!! and 3.108 < g < (7.75)10!°. Thus, the 
Catalan conjecture could in principle be settled by exhaustive computer calculations; 
but until the upper bound was lowered, this would take a long time. 

In 2000, Preda Mihailescu proved that for a Catalan solution to exist, p and g 
must satisfy the simultaneous congruences 


p?' = 1(modq’*) and q?~! = \(mod p’) 


These are known as double Wieferich primes, after Arthur Wieferich, who inves- 
tigated (1909) the congruence 2?~! = 1 (mod p’). Such pairs of primes are rare, 
with only six pairs having been identified by the year 2001. Furthermore, as each 
of these 12 primes is less than 3 - 10°, none satisfied the known restrictions. Taking 
advantage of his results on Wieferich primes, Mihailescu continued to work on the 
problem. He finally settled the famous question early in the following year: the only 
consecutive powers are 8 and 9. 

One interesting consequence of these results is that no Fermat number F,, = 
2*" + 1 can be a power of another integer, the exponent being greater than 1. For if 
F, = a™, with m > 2, thena™ — (22"')* = 1, which would imply that the equation 
x” — y* = J has a solution. 
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PROBLEMS 12.2 


1. 


Show that the equation x* + y* = z> has infinitely many solutions for x, y, z positive 
integers. 
[Hint: For any n > 2, let x = n(n* — 3) and y = 3n? — 1.] 


. Prove the theorem: The only solutions in nonnegative integers of the equation x? + 2y? = 


z*, with gcd(x , y, z) = 1, are given by 
x=H+(2s?-2?) y=2st z=2s? 40 


where s, ¢ are arbitrary nonnegative integers. 
[Hint: If u, v, w are such that y = 2w, z+x = 2u, z —x = 2v, then the equation 
becomes 2w? = uv.] 


. Ina Pythagorean triple x, y, z, prove that not more than one of x, y, or z can be a perfect 


square. 


. Prove each of the following assertions: 


(a) The system of simultaneous equations 


x+y =27-1 and x? —y*=w’*-] 


has infinitely many solutions in positive integers x, y, Z, w 
[Hint: For any integer n > 1, take x = 2n? and y = 2n.] 
(b) The system of simultaneous equations 


x+y? = 2? and x“ -—y* =w 


admits no solution in positive integers x, y, Z, w 
(c) The system of simultaneous equations 


r+y=2741 and x?—-y=w*+] 


has infinitely many solutions in positive unlezers XV yWs 
(Hint: For any integer n > 1, take x = 8n* + 1 and y = 8n?.] 


. Use Problem 4 to establish that there is no solution in positive integers of the simultaneous 


equations 


a he y= z? and e412) =w 


[Hint: Any solution of the given system also satisfies z* + y? = w? and z? — y* = x’.] 


. Show that there is no solution in positive integers of the simultaneous equations 


Pyar ana ae aie 
hence, there exists no Pythagorean triangle whose hypotenuse and one of whose sides 
form the sides of another Pythagorean triangle. 

[Hint: Any solution of the given system also satisfies x* + (wy)* = z*.] 


. Prove that the equation x* — y* = 2z* has no solutions in positive integers x, y, z 


[Hint: Because x, y must be both odd or both even, x? + y* = 2a”, x + y = 2b’, 
x-y= 2c* for some a, b, c; hence, a* = b* + c*.] 


. Verify that the only solution in relatively prime positive integers of the equation x* + y* = 


2 is = = | 
[Hint: Any solution of the given equation also satisfies the equation 


4_ 4\2 
A —oyt=(* ~) ] 


260 


9. 


10. 


11. 


12. 


ELEMENTARY NUMBER THEORY % 


Prove that the Diophantine equation x4 


X,Y, &. 


[Hint: Rewrite the given equation as (2y*)? + z” = (x*)* and appeal to Theorem 12.1.] 
Use Problem 9 to prove that there exists no Pythagorean triangle whose area is twice a 


perfect square. 


[Hint: Assume to the contrary that x? + y? =z? and Ixy = 2w?. Then (x + y)* = 
7) y 


z? + 8w?, and (x — y)? = 2? — 8w”. This leads to z* — 4(2w)* = (x? — y)*.] 
Prove the theorem: The only solutions in positive integers of the equation 
as se d( i= 
—=+5=5 cd(x, y, Z= 
ep 2 8 y 
are given by 
x = 2st(s? +t’) y= ay z = 2st(s* — t’) 
where s, ¢t are relatively prime positive integers, one of which is even, with s > f. 
Show that the equation 1/x* + 1/y* = 1/z’ has no solution in positive integers. 


— 4y* = z* has no solution in positive integers 


CHAPTER 


REPRESENTATION OF INTEGERS 
AS SUMS OF SQUARES 


The object of pure Physic is the unfolding of the laws of the intelligible world; 
the object of pure Mathematic that of unfolding the laws of human intelligence. 
J. J. SYLVESTER 


13.1 JOSEPH LOUIS LAGRANGE 


After the deaths of Descartes, Pascal, and Fermat, no French mathematician of 
comparable stature appeared for over acentury. In England, meanwhile, mathematics 
was being pursued with restless zeal, first by Newton, then by Taylor, Stirling, and 
Maclaurin, while Leibniz came upon the scene in Germany. Mathematical activity 
in Switzerland was marked by the work of the Bernoullis and Euler. Toward the end 
of the 18th century, Paris did again become the center of mathematical studies, as 
Lagrange, Laplace, and Legendre brought fresh glory to France. 

An Italian by birth, German by adoption, and Frenchman by choice, Joseph 
Louis Lagrange (1736-1813) was, next to Euler, the foremost mathematician of the 
18th century. When he entered the University of Turin, his great interest was in 
physics, but, after chancing to read a tract by Halley on the merits of Newtonian 
calculus, he became excited about the new mathematics that was transforming celes- 
tial mechanics. He applied himself with such energy to mathematical studies that he 
was appointed, at the age of 18, Professor of Geometry at the Royal Artillery School 
in Turin. The French Academy of Sciences soon became accustomed to including 
Lagrange among the competitors for its biennial prizes: between 1764 and 1788, he 
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Joseph Louis Lagrange 
(1736-1813) 


(Dover Publications, Inc.) 


won five of the coveted prizes for his applications of mathematics to problems in 
astronomy. 

In 1766, when Euler left Berlin for St. Petersburg, Frederick the Great arranged 
for Lagrange to fill the vacated post, accompanying his invitation with a modest 
message that said, “It is necessary that the greatest geometer of Europe should 
live near the greatest of Kings.” (To D’Alembert, who had suggested Lagrange’s 
name, the King wrote, “To your care and recommendation am | indebted for having 
replaced a half-blind mathematician with a mathematician with both eyes, which will 
especially please the anatomical members of my academy.”) For the next 20 years, 
Lagrange served as director of the mathematics section of the Berlin Academy, 
producing work of high distinction that culminated in his monumental treatise, the 
Mécanique Analytique (published in 1788 in four volumes). In this work he unified 
general mechanics and made of it, as the mathematician Hamilton was later to 
say, “a kind of scientific poem.” Holding that mechanics was really a branch of pure 
mathematics, Lagrange so completely banished geometric ideas from the Mécanique 
Analytique that he could boast in the preface that not a single diagram appeared in 
its pages. 

Frederick the Great died in 1786, and Lagrange, no longer finding a sympathetic 
atmosphere at the Prussian court, decided to accept the invitation of Louis XVI to 
settle in Paris, where he took French citizenship. But the years of constant activity 
had taken their toll: Lagrange fell into a deep mental depression that destroyed his 
interest in mathematics. So profound was his loathing for the subject that the first 
printed copy of the Mécanique Analytique—the work of a quarter century—lay 
unexamined on his desk for more than 2 years. Strange to say, it was the turmoil 
of the French Revolution that helped to awaken him from his lethargy. Following 
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the abolition of all the old French universities (the Academy of Sciences was also 
suppressed) in 1793, the revolutionists created two new schools, with the humble 
titles of Ecole Normale and Ecole Polytechnique, and Lagrange was invited to lecture 
on analysis. Although he had not lectured since his early days in Turin, having 
been under royal patronage in the interim, he seemed to welcome the appointment. 
Subject to constant surveillance, the instructors were pledged “neither to read nor 
repeat from memory” and transcripts of their lectures as delivered were inspected 
by the authorities. Despite the petty harassments, Lagrange gained a reputation as 
an inspiring teacher. His lecture notes on differential calculus formed the basis of 
another classic in mathematics, the Théorie des Fonctions Analytique (1797). 

Although Lagrange’s research covered an extraordinarily wide spectrum, he 
possessed, much like Diophantus and Fermat before him, a special talent for the 
theory of numbers. His work here included: the first proof of Wilson’s theorem that 
ifn is a prime, then (n — 1)! = —1 (mod~n); the investigation of the conditions under 
which +2 and +5 are quadratic residues or nonresidues of an odd prime (—1 and 
+3 having been discussed by Euler); finding all integral solutions of the equation 
x* — ay* = 1; and the solution of a number of problems posed by Fermat to the 
effect that certain primes can be represented in particular ways (typical of these is 
the result that asserts that every prime p = 3 (mod 8) is of the form p = a” + 2b’). 
This chapter focuses on the discovery for which Lagrange has acquired his greatest 
renown in number theory, the proof that every positive integer can be expressed as 
the sum of four squares. 


13.2 SUMS OF TWO SQUARES 


Historically, a problem that has received a good deal of attention has been that of 
representing numbers as sums of squares. In the present chapter, we develop enough 
material to settle completely the following question: What is the smallest value n 
such that every positive integer can be written as the sum of not more than n squares? 
Upon examining the first few positive integers, we find that 


{=| 
a a 
3=174+174+P 
4=2? 
5=2?+4 1? 


627 fe a4 
Pe ee 


Because four squares are needed in the representation of 7, a partial answer to 
our question is that n > 4. Needless to say, there remains the possibility that some 
integers might require more than four squares. A justly famous theorem of Lagrange, 
proved in 1770, asserts that four squares are sufficient; that is, every positive integer 
is realizable as the sum of four squared integers, some of which may be 0 = 07. This 
is our Theorem 13.7. 
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To begin with simpler things, we first find necessary and sufficient conditions 
that a positive integer be representable as the sum of two squares. The problem may 
be reduced to the consideration of primes by the following lemma. 


Lemma. If m and n are each the sum of two squares, then so is their product mn. 


Proof. If m = a? +b? andn = c? + d’ for integers a, b, c, d, then 
mn = (a? + b*)(c? +d’) = (ac + bd)’ + (ad — bcy* 
It is clear that not every prime can be written as the sum of two squares; for 


instance, 3 = a* + b* has no solution for integral a and b. More generally, one can 
prove Theorem 13.1. 


Theorem 13.1. No prime p of the form 4k + 3 is a sum of two squares. 
Proof. Modulo 4, we have a = 0, 1, 2, or 3 for any integer a; consequently, a? =Oor 
1 (mod 4). It follows that, for arbitrary integers a and b, 
a’ + b* = 0, 1, or 2 (mod 4) 
Because p = 3 (mod 4), the equation p = a” + b” is impossible. 
On the other hand, any prime that is congruent to 1 modulo 4 is expressible as 
the sum of two squared integers. The proof, in the form we shall give it, employs a 


theorem on congruences due to the Norwegian mathematician Axel Thue. This, in 
its turn, relies on Dirichlet’s famous pigeonhole principle. 


Pigeonhole principle. If n objects are placed in m boxes (or pigeonholes) and if 
n > m, then some box will contain at least two objects. 


Phrased in more mathematical terms, this simple principle asserts that if a set 
with n elements is the union of m of its subsets and if nm > m, then some subset has 
more than one element. 


Lemma Thue’s lemma. Let p be a prime and let gcd(a , p) = 1. Then the congru- 
ence 

ax = y (mod p) 
admits a solution xo, yo, where 


O<|xl</p and 0<|yo| </p 


Proof. Let k = [./p] + 1, and consider the set of integers 
Y={ay—y0ex sk 10s yak= i] 


Because ax — y takes on k” > p possible values, the pigeonhole principle guarantees 
that at least two members of S must be congruent modulo p; call them ax; — y, and 
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aX2 — y2, where x; 4 x2 or yj # y2. Then we can write 

a(x, — x2) = y1 — y2 (mod p) 
Setting x9 = xX; — X2 and yo = yj — yo, it follows that xp and yo provide a solution 
to the congruence ax = y (mod p). If either x9 or yo is equal to zero, then the fact 


that gcd(a , p) = 1 can be used to show that the other must also be zero, contrary to 
assumption. Hence, 0 < |xo| <k —1 < /pand0O < |yo| <k —1 < //p. 


We are now ready to derive the theorem of Fermat that every prime of the form 
4k + 1 can be expressed as the sum of squares of two integers. (In terms of priority, 
Albert Girard recognized this fact several years earlier and the result is sometimes 
referred to as Girard’s theorem.) Fermat communicated his theorem in a letter to 
Mersenne, dated December 25, 1640, stating that he possessed an irrefutable proof. 
However, the first published proof was given by Euler in 1754, who in addition 
succeeded in showing that the representation is unique. 


Theorem 13.2 Fermat. An odd prime p is expressible as a sum of two squares if 
and only if p = 1 (mod 4). 


Proof. Although the “only if” part is covered by Theorem 13.1, let us give a differ- 
ent proof here. Suppose that p can be written as the sum of two squares, let us say 
p =a’ +b’. Because p is a prime, we have p / a and p J b. (If p|a, then p|b’, 
and so p | b, leading to the contradiction that p* | p.) Thus, by the theory of linear con- 
gruences, there exists an integer c for which bc = 1 (mod p). Modulo p, the relation 
(ac)’ + (bc)* = pc* becomes 


(ac)? = —1 (mod p) 


making —1 a quadratic residue of p. At this point, the corollary to Theorem 9.2 comes 
to our aid, for (—1/p) = 1 only when p = 1 (mod 4). 

For the converse, assume that p = 1 (mod 4). Because —1 is a quadratic residue 
of p, we can find an integer a satisfying a* = —1 (mod p); in fact, by Theorem 5.4, 
a = [(p — 1)/2]! is one such integer. Now gcd(a, p) = 1, so that the congruence 


ax = y (mod p) 
admits a solution x9, yo for which the conclusion of Thue’s lemma holds. As a result, 
—xe = a°x = (axo)” = yo (mod p) 
or x + yo = 0 (mod p). This says that 
x9 + Yo = kp 


for some integer k > 1. Inasmuch as 0 < |xo| < ./p and 0 < |yo| < ./p, we obtain 
0 < xé + yp < 2p, the implication of which is thatk = 1. Consequently, x¢ + yg = p, 
and we are finished. 


Counting a* and (—a)* as the same, we have the following corollary. 


Corollary. Any prime p of the form 4k + 1 can be represented uniquely (aside from 
the order of the summands) as a sum of two squares. 
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Proof. To establish the uniqueness assertion, suppose that 
pHe’+hP=c4+a 
where a, b, c, d are all positive integers. Then 
a’d* — b*c* = p(d* — b?) = 0 (mod p) 


whence ad = bc (mod p) or ad = —bc (mod p). Because a, b, c, d are all less than 
./ p, these relations imply that 


ad —bc =0 or ad +bc= p 
If the second equality holds, then we would have ac = bd; for, 
p’ =(a* + b*)\(c* + d*) = (ad + bc)* + (ac — bdy 
= p* + (ac — bd)’ 
and so ac — bd = 0. It follows that either 
ad = bc or ac = bd 


Suppose, for instance, that ad = bc. Then a|bc, with gcd(a, b) = 1, which forces 
a|, c; say, c= ka. The condition ad = bc = b(ka) then reduces to d = bk. But 
p= C+da7= k*(a? + b’) 


implies that k = 1. In this case, we get a = c and b = d. By a similar argument, the 
condition ac = bd leads toa = d and b = c. What is important is that, in either event, 
our two representations of the prime p turn out to be identical. 


Let us follow the steps in Theorem 13.2, using the prime p = 13. One choice 


for the integer a is 6! = 720. A solution of the congruence 720x = y (mod 13), or 
rather, 


5x = y (mod 13) 


is obtained by considering the set 


S={5x-—y|O0<x,y < 4} 


The elements of S are just the integers 


0 5 10 15 
—1 4 9 4 
—2 3 8 13 
=) 2 fF 12 

which, modulo 13, become 

0 5 10 2 
124 9 |] 
11 3 8 O 
10 2 {2 


REPRESENTATION OF INTEGERS AS SUMS OF SQUARES 267 


Among the various possibilities, we have 


OF 


5-1—3 =22=5-3-—0 (mod 13) 


51 — 3) = 3 (mod 13) 


Thus, we may take x9 = —2 and yo = 3 to obtain 


13 = x9 + yg = 27 +37 
Remark. Some authors would claim that any prime p = 1 (mod 4) can be written as 
a sum of squares in eight ways. For with p = 13, we have 
13 = 274 3° = 2? + (—3)* = (—2)? + 3? = (—2)° + (-3)° 
= 342 = 3? + (-2)7 =(-3P +2 =(-3P + (2 
Because all eight representations can be obtained from any one of them by interchang- 
ing the signs of 2 and 3 or by interchanging the summands, there is “essentially” only 


one way of doing this. Thus, from our point of view, 13 is uniquely representable as 
the sum of two squares. 


We have shown that every prime p such that p = 1 (mod 4) is expressible as 


the sum of two squares. But other integers also enjoy this property; for instance, 


10= 1°43" 


The next step in our program is to characterize explicitly those positive integers that 
can be realized as the sum of two squares. 


Theorem 13.3. Let the positive integer n be written as n = N*m, where m is square- 
free. Then n can be represented as the sum of two squares if and only if m contains no 
prime factor of the form 4k + 3. 


Proof. To start, suppose that m has no prime factor of the form 4k + 3. If m = 1, then 
n = N* + 0? and we are through. In the case in which m > 1, let m = p, p2--- p; be 
the factorization of m into a product of distinct primes. Each of these primes p;, being 
equal to 2 or of the form 4k + 1, can be written as the sum of two squares. Now, the 
identity 


(a? + b*)(c? + d*) = (ac + bdy + (ad — bey 


shows that the product of two (and, by induction, any finite number) integers, each 
of which is representable as a sum of two squares, is likewise so representable. Thus, 
there exist integers x and y satisfying m = x? + y*. We end up with 


n= N?2m = N?(x? + y*) = (Nx)? + (Nyy 


a sum of two squares. 
Now for the opposite direction. Assume that n can be represented as the sum of 
two squares 


n=a’?+b*’=N’m 
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and let p be any odd prime divisor of m (without loss of generality, it may be assumed 
that m > 1). Ifd = gcd(a, b), thena = rd, b = sd, where gcd(r, s) = 1. We get 


d*(r* +. s*) = N’m 


and so, m being square-free, d? | N*. But then 


N2 
P4s=(F)m=tp 


for some integer tf, which leads to 
r? +57 =0 (mod P) 


Now the condition gcd(r , s) = 1 implies that one of r or s, say r, is relatively prime 
to p. Let r’ satisfy the congruence 


rr’ = 1 (mod p) 
When the equation r? + s? = 0 (mod p) is multiplied by (r’)*, we obtain 
(sr)? + 1 =0 (mod p) 


or, to put it differently, (—1/p) = 1. Because —1 is a quadratic residue of p, Theorem 
9.2 ensures that p = 1 (mod 4). The implication of our reasoning is that there is no 
prime of the form 4k + 3 that divides m. 


The following is a corollary to the preceding analysis. 


Corollary. A positive integer n is representable as the sum of two squares if and only 
if each of its prime factors of the form 4k + 3 occurs to an even power. 


Example 13.1. The integer 459 cannot be written as the sum of two squares, because 
459 = 3° - 17, with the prime 3 occurring to an odd exponent. On the other hand, 
153 = 3% - 17 admits the representation 


153 = 3°(4* + 17) = 12 4. 3? 
Somewhat more complicated is the example n = 5 - 7” - 13 - 17. In this case, we have 
n=7T -5-13-17=77°(2? + 17)(3* + 2°)(47 + 1’) 
Two applications of the identity appearing in Theorem 13.3 give 
(37 + 2°(4" + 1°) = (124+ 2° + (3 - 87 = 14° +5? 
and 
(27 + 17)(14? +57) = (28 +. 5)* + (10 — 14)* = 337 4. 4? 
When these are combined, we end up with 


n = 7°(337 + 4’) = 2317 + 287 


There exist certain positive integers (obviously, not primes of the form 4k + 1) 


that can be represented in more than one way as the sum of two squares. The smallest 


1S 


25=47+3*°=5°+0° 


REPRESENTATION OF INTEGERS AS SUMS OF SQUARES 269 


If a = b (mod 2), then the relation 


= (45*) -() 


allows us to manufacture a variety of such examples. Take n = 153 as an illustration; 


here, 
iF ES\" [7 9\- 
153 =17-9= a ca (eee 
2 ”) 
and 
5143)" Si = 3\" 
153 =51-3= a: Sf eee a 7 a 
2 2 
so that 


13°24? 27° = 24° 
This yields the two distinct representations 
27° + 4° = 24° + 137 = 745 
At this stage, a natural question should suggest itself: What positive integers 


admit a representation as the difference of two squares? We answer this below. 


Theorem 13.4. A positive integer n can be represented as the difference of two squares 
if and only if n is not of the form 4k + 2. 
Proof. Because a* = 0 or 1 (mod 4) for all integers a, it follows that 

a’ — b’ = 0, 1, or 3 (mod 4) 


Thus, if n = 2 (mod 4), we cannot have n = a* — b” for any choice of a and b. 

Turning affairs around, suppose that the integer n is not of the form 4k + 2; that 
is to say, n = 0, 1, or 3 (mod 4). If n = 1 or 3 (mod 4), then n + 1 and n — 1 are both 
even integers; hence, n can be written as 


-_ (eth (=) 
2 2 
a difference of squares. If n = 0 (mod 4), then we have 
n 2 n 2 
pa) age) 


Corollary. An odd prime is the difference of two successive squares. 


Examples of this last corollary are afforded by 


11=—6°-—5 17 = 9° — 8? 29 = 15* — 14? 
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Another point worth mentioning is that the representation of a given prime p as 
the difference of two squares is unique. To see this, suppose that 


p=a’—b* =(a—b)\a+b) 
where a > b > 0. Because 1 and p are the only factors of p, necessarily we have 
a—b=] and a+b=p 


from which it may be inferred that 


pt+i 
Ce and b = —— 
2 2 
Thus, any odd prime p can be written as the difference of the squares of two integers 
in precisely one way; namely, as 


r= (E!) C54) 


A different situation occurs when we pass from primes to arbitrary integers. 
Suppose that n is a positive integer that is neither prime nor of the form 4k + 2. 
Starting with a divisor d of n, put d’ = n/d (it is harmless to assume that d > da’). 
Now if d and d’ are both even, or both odd, then (d + d’)/2 and (d — d’)2 are integers. 
Furthermore, we may write 


1\ 2 = / 2 
a oe d+d 7 d—d 
2 Z 


By way of illustration, consider the integer n = 24. Here, 


(249 \" fo 
24 = 12-2=( - ) -(=) — 7 — 5 


64\" (6=4\" 
OAct Gn EN ee) ees 
ae ie ew 


giving us two representations for 24 as the difference of squares. 


and 


PROBLEMS 13.2 


1. Represent each of the primes 113, 229, and 373 as a sum of two squares. 
2. (a) It has been conjectured that there exist infinitely many prime numbers p such that 
p =n’ +(n+1) for some positive integer n; for example, 5 = 17 + 2” and 13 = 
2* + 3°. Find five more of these primes. 
(b) Another conjecture is that there are infinitely many prime numbers p of the form 
p = 2° + p*, where p, is a prime. Find five such primes. 
3. Establish each of the following assertions: 
(a) Each of the integers 2”, where n = 1, 2,3,..., is asum of two squares. 
(b) If n = 3 or 6 (mod 9), then n cannot be represented as a sum of two squares. 
(c) If n is the sum of two triangular numbers, then 4n + 1 is the sum of two squares. 


10. 


11. 


12. 


13. 


14. 
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(d) Every Fermat number F,, = 2”° + 1, where n > 1, can be expressed as the sum of 
two squares. 

(e) Every odd perfect number (if one exists) is the sum of two squares. 
[Hint: See the Corollary to Theorem 11.7.] 


. Prove that a prime p can be written as a sum of two squares if and only if the congruence 


x* + 1 = 0 (mod p) admits a solution. 


. (a) Show that a positive integer n is a sum of two squares if and only if n = 2a7b, 


where m > 0, a is an odd integer, and every prime divisor of b is of the form 
4k +1. 

(b) Write the integers 3185 =5-7*-13; 39690 =2-3*-5-7%; and 62920= 
2? -5-11%- 13 as asum of two squares. 


. Find a positive integer having at least three different representations as the sum of two 


squares, disregarding signs and the order of the summands. 
[Hint: Choose an integer that has three distinct prime factors, each of the form 4k + 1.] 


. If the positive integer n is not the sum of squares of two integers, show that n cannot be 


represented as the sum of two squares of rational numbers. 

[Hint: By Theorem 13.3, there is a prime p = 3 (mod 4) and an odd integer k such that 
p*|n, whereas p*t! J} n. If n = (a/b)? + (c/d)’, then p will occur to an odd power 
on the left-hand side of the equation n(bd)* = (ad)* + (bc)’, but not on the right-hand 
side. ] 


. Prove that the positive integer n has as many representations as the sum of two squares 


as does the integer 2n. 
[Hint: Starting with a representation of n as a sum of two squares, obtain a similar 
representation for 2n, and conversely. ] 


. (a) If n is a triangular number, show that each of the three successive integers 8n”, 


8n” + 1, 8n* + 2 can be written as a sum of two squares. 

(b) Prove that of any four consecutive integers, at least one is not representable as a sum 
of two squares. 

Prove the following: 

(a) If a prime number is the sum of two or four squares of different primes, then one of 
these primes must be equal to 2. 

(b) If a prime number is the sum of three squares of different primes, then one of these 
primes must be equal to 3. 

(a) Let p be an odd prime. If p|a? +7, where gcd(a, b) = 1, prove that the prime 
p = 1 (mod 4). 
[Hint: Raise the congruence a? = —b? (mod p) to the power (p — 1)/2 and apply 
Fermat’s theorem to conclude that (—1)?~)/* = 1.] 

(b) Use part (a) to show that any positive divisor of a sum of two relatively prime squares 
is itself a sum of two squares. 

Establish that every prime number p of the form 8k + 1 or 8k +3 can be written as 

p = a’ + 2b? for some choice of integers a and b. 

[Hint: Mimic the proof of Theorem 13.2.] 

Prove the following: 

(a) A positive integer is representable as the difference of two squares if and only if it is 
the product of two factors that are both even or both odd. 

(b) A positive even integer can be written as the difference of two squares if and only if 
it is divisible by 4. 

Verify that 45 is the smallest positive integer admitting three distinct representations as 

the difference of two squares. 

[Hint: See part (a) of the previous problem. ] 
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15. For any n > 0, show that there exists a positive integer that can be expressed in n distinct 
ways as the difference of two squares. 
[Hint: Note that, fork = 1,2,...,n, 

q2nt+l = Qa 4 Deine -_ On = Qe Ny? 

16. Prove that every prime p = 1 (mod 4) divides the sum of two relatively prime squares, 
where each square exceeds 3. 
[Hint: Given an odd primitive root r of p, we have r* = 2 (mod p) for some k; hence 
rtkt+(p—)/4} = —4 (mod p).] 2 

17. For a prime p = 1 or 3 (mod 8), show that the equation x” + 2y* = p has a solution. 

18. The English number theorist G. H. Hardy relates the following story about his young 
protégé Ramanujan: “I remember going to see him once when he was lying ill in Putney. 
I had ridden in taxi-cab No. 1729, and remarked that the number seemed to me rather a 
dull one, and that I hoped it was not an unfavorable omen. ‘No,’ he reflected, ‘it is a very 
interesting number; it is the smallest number expressible as the sum of two cubes in two 
different ways.”’ Verify Ramanujan’s assertion. 


13.3 SUMS OF MORE THAN TWO SQUARES 


Although not every positive integer can be written as the sum of two squares, what 
about their representation in terms of three squares (0° still permitted)? With an 
extra square to add, it seems reasonable that there should be fewer exceptions. For 
instance, when only two squares are allowed, we have no representation for such 
integers as 14, 33, and 67, but 


14S 3" a2 {7 33 — 5° 42° 42° 67 = 7 + 37 + 3? 


It is still possible to find integers that are not expressible as the sum of three squares. 
Theorem 13.5 speaks to this point. 


Theorem 13.5. No positive integer of the form 4”(8m + 7) can be represented as the 
sum of three squares. 


Proof. To start, let us show that the integer 8 + 7 is not expressible as the sum of 
three squares. For any integer a, we have a” = 0, 1, or 4 (mod 8). It follows that 


a’ + b? +c* =0, 1, 2, 3, 4, 5, or 6 (mod 8) 
for any choice of integers a, b, c. Because we have 8m + 7 = 7 (mod 8), the equation 
a* + b* + c* = 8m +7 is impossible. 
Next, let us suppose that 4”(8m + 7), where n > 1, can be written as 
A"(8m +7) =a? +b% 4+? 
Then each of the integers a, b, c must be even. Putting a = 2a,,b = 2b,,c = 2c,, we get 
4"-!(8m +7) = ay + bf + cf 


If n — 1 > 1, the argument may be repeated until 8m + 7 is eventually represented 
as the sum of three squared integers; this, of course, contradicts the result of the first 
paragraph. 


We can prove that the condition of Theorem 13.5 is also sufficient in order that 
a positive integer be realizable as the sum of three squares; however, the argument 
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is much too difficult for inclusion here. Part of the trouble is that, unlike the case of 
two (or even four) squares, there is no algebraic identity that expresses the product 
of sums of three squares as a sum of three squares. 

With this trace of ignorance left showing, let us make a few historical remarks. 
Diophantus conjectured, in effect, that no number of the form 8m + 7 is the sum 
of three squares, a fact easily verified by Descartes in 1638. It seems fair to credit 
Fermat with being the first to state in full the criterion that a number can be written 
as a sum of three squared integers if and only if it is not of the form 4”(8m + 7), 
where m and n are nonnegative integers. This was proved in a complicated manner 
by Legendre in 1798 and more clearly (but by no means easily) by Gauss in 1801. 

As just indicated, there exist positive integers that are not representable as the 
sum of either two or three squares (take 7 and 15, for simple examples). Things 
change dramatically when we turn to four squares: There are no exceptions at all! 

The first explicit reference to the fact that every positive integer can be written as 
the sum of four squares, counting 0*, was made by Bachet (in 1621) and he checked 
this conjecture for all integers up to 325. Fifteen years later Fermat claimed that he 
had a proof using his favorite method of infinite descent; however, as usual, he gave 
no details. Both Bachet and Fermat felt that Diophantus must have known the result; 
the evidence is entirely conjectural: Diophantus gave necessary conditions in order 
that a number be the sum of two or three squares, while making no mention of a 
condition for a representation as a sum of four squares. 

One measure of the difficulty of the problem is the fact that Euler, despite his 
brilliant achievements, wrestled with it for more than 40 years without success. 
Nonetheless, his contribution toward the eventual solution was substantial; Euler 
discovered the fundamental identity that allows one to express the product of two 
sums of four squares as such a sum, and the crucial result that the congruence 
x* + y? +1 =0 (mod p) is solvable for any prime p. A complete proof of the 
four-square conjecture was published by Lagrange in 1772, who acknowledged his 
indebtedness to the ideas of Euler. The next year, Euler offered a much simpler 
demonstration, which is essentially the version to be presented here. 

It is convenient to establish two preparatory lemmas, so as not to interrupt the 
main argument at an awkward stage. The proof of the first contains the algebraic 
identity (Euler’s identity) that allows us to reduce the four-square problem to the 
consideration of prime numbers only. 


Lemmal_ Euler. If the integers m and n are each the sum of four squares, then mn 
is likewise so representable. 


Proof. If m = a; + a5 +. a3 + aj andn = b? + b5 +b; + bj for integers a;, b;, then 


mn = (a; + a3 +. a3 + aZ)(b7 + bs + b§ + bf) 
= (a,b, + agb2 + a3b3 + agba)* 
+ (aby — agb; + a3b4 — agb3)° 
+ (a,b3 — agby — a3b, + agbo)° 
+ (ayb4 + a2b3 — a3b2 — agb,) 
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We confirm this cumbersome identity by brute force: Just multiply everything out and 
compare terms. The details are not suitable for the printed page. 


Another basic ingredient in our development is Lemma 2. 


Lemma 2. If p is an odd prime, then the congruence 
x* + y?+1=0 (mod p) 
has a solution x9, yo where 0 < xp < (p — 1)/2 andO < yo < (p — 1)/2. 


Proof. The idea of the proof is to consider the following two sets: 


a fey 
sia [vor re.te (254) 


me eo 
= [0 = eee (2) 


No two elements of the set S; are congruent modulo p. For if 1 + x? = 1 + x3 (mod p), 
then either x; = x2 (mod p) or x; = —x2 (mod p). But the latter consequence is 
impossible, because 0 < x; + x2 < p (unless x; = x2 = 0), whence x; = x2 (mod p), 
which implies that x; = x2. In the same vein, no two elements of Sj are congruent 
modulo p. 

Together S, and Sz contain 2[1 + 5( p — 1)] = p + 1 integers. By the pigeonhole 
principle, some integer in S; must be congruent modulo p to some integer in S$»; that 
is, there exist x9, yo such that 


1 + x9 = —yo (mod p) 
where 0 < x9 < (p — 1)/2 and O < yo < (p — 1)/2. 


Corollary. Given an odd prime p, there exists an integer k < p such that kp is the 
sum of four squares. 


Proof. According to the theorem, we can find integers xo and yo, 
Pp p 
0O<x< = O<y< = 
S Xo 7 + Yo 5 


such that 
xp + yo + 1° +0° = kp 
for a suitable choice of k. The restrictions on the size of x9 and yo imply that 


DP 
kp=xotyt+l< 7+ [+1 <p 


and so k < p, as asserted in the corollary. 


Example 13.2. We digress for a moment to look at an example. If we take p = 17, 
then the sets S; and S» become 


S; = {1, 2,5, 10, 17, 26, 37, 50, 65} 
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and 
S> = {0, -—1, —4, —9, —16, —25, —36, —49, —64} 


Modulo 17, the set S; consists of the integers 1, 2, 5, 10, 0, 9, 3, 16, 14, and those in S$ 
are 0, 16, 13, 8, 1, 9, 15, 2, 4. Lemma 2 tells us that some member 1 + x? of the first 
set is congruent to some member — y” of the second set. We have, among the various 
possibilities, 


14+5* =9 = —5* (mod 17) 
or 1 + 5* + 5% =0 (mod 17). It follows that 
3-17= 17457 457+ 07 


is a multiple of 17 written as a sum of four squares. 


The last lemma is so essential to our work that it is worth pointing out another 
approach, this one involving the theory of quadratic residues. If p = 1 (mod 4), 
we may choose xo to be a solution of x7 = —1 (mod p) (this is permissible by the 
corollary to Theorem 9.2) and yo = 0 to get 


xp + yg + 1 = 0 (mod p) 


Thus, it suffices to concentrate on the case p = 3 (mod 4). We first pick the integer 
a to be the smallest positive quadratic nonresidue of p (keep in mind that a > 2, 
because | is a quadratic residue). Then 


(—a/p) =(-1/p)a/p) = (-1X\-)D = 1 


so that —a is a quadratic residue of p. Hence, the congruence 


x’ = —a (mod p) 


admits a solution x9, with 0 < x9 < (p — 1)/2. Now a — 1, being positive and 
smaller than a, must itself be a quadratic residue of p. Thus, there exists an integer 
yo, where 0 < yo < (p — 1)/2, satisfying 
y” =a —1(mod p) 
The conclusion is 
x6 + yp +1 = —-a+(a—1)+1=0 (mod p) 


With these two lemmas among our tools, we now have the necessary information 
to carry out a proof of the fact that any prime can be realized as the sum of four 
squared integers. 


Theorem 13.6. Any prime p can be written as the sum of four squares. 


Proof. The theorem is certainly true for p = 2, because 2 = 1* + 1* + 0* + 0°. Thus, 
we may hereafter restrict our attention to odd primes. Let k be the smallest positive 
integer such that kp is the sum of four squares; say, 


kp=x?+y+2°+w? 
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By virtue of the foregoing corollary, k < p. The crux of our argument is that k = 1. 

We make a start by showing that k is an odd integer. For a proof by contradiction, 
assume that k is even. Then x, y, z, w are all even; or all are odd; or two are even and 
two are odd. In any event, we may rearrange them, so that 


x = y (mod 2) and Z =w (mod 2) 


It follows that 
X y x + y a Ww Z+w 


are all integers and 


fy 7 x+y \’ z—-w)\? z+tw\? 
at= (557) + (*) +S) +) 


is a representation of (k/2)p as asum of four squares. This violates the minimal nature 
of k, giving us our contradiction. 

There still remains the problem of showing that k = 1. Assume that k 4 1; then 
k, being an odd integer, is at least 3. It is therefore possible to choose integers a, b, c, 
d such that 


a = x (mod k) b = y (mod k) c = z(mod k) d = w (mod k) 


and 


k k k k 
lal< 5 |bl<5 lel<5 Id) <5 
2 2 2 2 


(To obtain the integer a, for instance, find the remainder r when x is divided by k; put 
a=rora=r-—k according asr < k/2 orr > k/2.) Then 


aap ee a Sg ay ag a = 0 (mod k) 
and therefore 
a® +b* +c? +d? =nk 


for some nonnegative integer n. Because of the restrictions on the size of a, b, c, d, 
k\2 
O<nk=a 4b 4+¢40 <4(5) = k? 


We cannot have n = 0, because this would signify that a = b = c = d = 0 and, in 
consequence, that k divides each of the integers x, y, z, w. Then k? | kp, ork | p, which 
is impossible in light of the inequality 1 < k < p. The relation nk < k? also allows us 
to conclude that n < k. In summary: 0 < n < k. Combining the various pieces, we get 
k?np = (kp)(kn) = (x* + y? +27 +w*)(a? +b? +. c* +d’) 
Se ay 

where 

r=xa+yb+zc+wd 

s=xb—ya+zd—we 

t=xc — yd —-za+wb 

u=xd+yc-—zb—wa 
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It is important to observe that all four of r, s, t, u are divisible by k. In the case of the 
integer r, for example, we have 


r=xa+tyb+zc+wd =a’? +b* +c? +d* =0(modk) 


Similarly, s = t =u = 0 (mod k). This leads to the representation 


r\2 S\2 rate U2 
oN) (z) $) 
where r/k, s/k, t/k, u/k are all integers. Because 0 < n < k, we therefore arrive at 


a contradiction to the choice of k as the smallest positive integer for which kp is the 
sum of four squares. With this contradiction, k = 1, and the proof is finally complete. 


This brings us to our ultimate objective, the classical result of Lagrange. 


Theorem 13.7 Lagrange. Any positive integer 1 can be written as the sum of four 
squares, some of which may be zero. 


Proof. Clearly, the integer 1 is expressible as 1 = 1* + 0? + 0? + 0”, a sum of four 
squares. Assume that n > 1 and letn = p, p2--- p; be the factorization of n into (not 
necessarily distinct) primes. Because each p; is realizable as a sum of four squares, 
Euler’s identity permits us to express the product of any two primes as a sum of four 
squares. This, by induction, extends to any finite number of prime factors, so that 
applying the identity r — 1 times, we obtain the desired representation for n. 


Example 13.3. To write the integer 459 = 3° - 17 as the sum of four squares, we use 
Euler’s identity as follows: 
459 = 37 -3-17 
— 32(12 4 124. 12 4. 0242 + 12 + 02 +02) 
= 37((44+14+0+0)+( —-4+0-0) 
+ (0-0-—4+0)°+(0+0-1-0)’] 
— 32[52 4324.42 4 1] 
= 15*4 9% + 12? + 3? 


Although squares have received all our attention so far, many of the ideas in- 
volved generalize to higher powers. 

In his book, Meditationes Algebraicae (1770), Edward Waring stated that each 
positive integer is expressible as a sum of at most 9 cubes, also a sum of at most 19 
fourth powers, and so on. This assertion has been interpreted to mean the following: 
Can each positive integer be written as the sum of no more than a fixed number g(k) 
of kth powers, where g(k) depends only on k, not the integer being represented? In 
other words, for a given k, a number g(k) is sought such that every n > O can be 
represented in at least one way as 


n= ai +a +--- +a 


where the qa; are nonnegative integers, not necessarily distinct. The resulting problem 
was the starting point of a large body of research in number theory on what has 


278 ELEMENTARY NUMBER THEORY 


become known as “Waring’s problem.” There seems little doubt that Waring had 
limited numerical grounds in favor of his assertion and no shadow of a proof. 

As we have reported in Theorem 13.7, g(2) = 4. Except for squares, the first case 
of a Waring-type theorem actually proved is attributed to Liouville (1859): Every 
positive integer is asum of at most 53 fourth powers. This bound for g(4) is somewhat 
inflated, and through the years it was progressively reduced. The existence of g(k) 
for each value of k was resolved in the affirmative by Hilbert in 1909; unfortunately, 
his proof relies on heavy machinery (including a 25-fold integral at one stage) and 
is in nO way constructive. 

Once it is known that Waring’s problem admits a solution, a natural question 
to pose is “How big is g(k)?” There is an extensive literature on this aspect of the 
problem, but the question itself is still open. A sample result, due to Leonard Dickson, 
is that g(3) = 9, whereas 


D3? DS pn aa ee ae fee fe 
and 
939 20 a. AP ABP as PB ee 


are the only integers that actually require as many as 9 cubes in their representation; 
each integer greater than 239 can be realized as the sum of at most 8 cubes. In 1942, 
Linnik proved that only a finite number of integers need 8 cubes; from some point 
onward 7 will suffice. Whether 6 cubes are also sufficient to obtain all but finitely 
many positive integers is still unsettled. 

The cases k = 4andk = 5 have turned out to be the most subtle. For many years, 
the best-known result was that g(4) lay somewhere in the range 19 < g(4) < 35, 
whereas g(5) satisfied 37 < g(5) < 54. Subsequent work (1964) has shown that 
g(5) = 37. The upper bound on g(4) was decreased dramatically during the 1970s, 
the sharpest estimate being g(4) < 22. It was also proved that every integer less than 
10'4° or greater than 10°° can be written as a sum of at most 19 fourth powers; thus, in 
principle, g(4) could be calculated. The relatively recent (1986) announcement that, 
in fact, 19 fourth powers suffice to represent all integers settled this case completely. 
As far as k > 6 1s concerned, it has been established that the formula 


g(k) = [(3/2)*] + 2" —2 


holds, except possibly for a finite number of values of k. There is considerable 
evidence to suggest that this expression is correct for all k. 

For k > 3, all sufficiently large integers require fewer than g(k) kth powers in 
their representations. This suggests a general definition: Let G(x) denote the smallest 
integer r with the property that every sufficiently large integer is the sum of at most r 
kth powers. Clearly, G(k) < g(k). Exact values of G(x) are known only in two cases; 
namely, G(2) = 4 and G(4) = 16. Linnik’s result on cubes indicates that G(3) < 7, 
while as far back as 1851 Jacobi conjectured that G(3) < 5. Although more than 
half a century has passed without an improvement in the size of G(3), nevertheless, 
it is felt that G(3) = 4. In recent years, the bounds G(5) < 17 and G(6) < 24 have 
been established. 
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Below are listed known values and estimates for the first few g(k) and G(k): 


g(2) =4 G(2) = 4 
g(3) =9 4< G(3) <7 
(4) = 19 G(4) = 16 
(5) = 37 6 < G(5) <17 
9(6) = 73 9 < G(6) < 24 
9(7) = 143 8 < G(7) < 33 


2(8)=279 32<G(8)<42 


Another problem that has attracted considerable attention is whether an nth 
power can be written as a sum of n nth powers, with n > 3. Progress was first made 
in 1911 with the discovery of the smallest solution in fourth powers, 


353* = 307 + 120* + 2724 + 315% 
In fifth powers, the smallest solution is 
72° = 19° + 43° + 46 + 47 + 67° 


However, for sixth or higher powers no solution is yet known. 

There is a related question; it may be asked, “Can an nth power ever be the sum 
of fewer than n nth powers?” Euler conjectured that this is impossible; however, in 
1968, Lander and Parkin came across the representation 


144° = 27° + 84° + 110° 4+ 133° 


With the subsequent increase in computer power and sophistication, N. Elkies was 
able to show (1987) that for fourth powers there are infinitely many counterexamples 
to Euler’s conjecture. The one with the smallest value is 


422481* = 958007 + 2175197 + 4145607 


PROBLEMS 13.3 


1. Without actually adding the squares, confirm that the following relations hold: 
(ay 172 2? 43? few a3? AF 70. 
(b) 187 + 19? + 20? + --- 4+ 277 + 28? = 77". 
(c) 274574 8% 4...+4 23% + 267 = 487. 
(d) 67 + 12? + 18% + --- +42? + 48? = 95? — 417. 
2. Regiomontanus proposed the problem of finding 20 squares whose sum is a square greater 
than 300,000. Furnish two solutions. 
[Hint: Consider the identity 


(Gy hay a) a, ay ee, OF) 
+(2a1an)° oF (2aya,)" aa (24y—14n)*-] 
3. If p= q? “+ qs + qs, where Pp, 91, G2, and q3 are all primes, show that some qg; = 3. 
4. Establish that the equation a” + b? + c* +a+b+c = 1has no solution in the integers. 


[Hint: The equation in question is equivalent to the equation (2a + 1)* + (2b+1)* + 
(2c+ 1)? =7.] 
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5. 
6. 


7. 


8. 


10. 
11. 


12. 


13. 


14. 


15. 
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For a given positive integer n, show that n or 2n is a sum of three squares. 

An unanswered question is whether there exist infinitely many prime numbers p such 

that p =n? + (n+ 1)?+(n +4 2)’, for some n > O. Find three of these primes. 

In our examination of n = 459, no representation as a sum of two squares was found. 

Express 459 as a sum of three squares. 

Verify each of the statements below: 

(a) Every positive odd integer is of the form a? + b* + 2c”, where a, b, c are integers. 
[Hint: Given n > 0, 4n + 2 can be written as 4n + 2 = x* + y* + 2’, with x and y 
odd and z even. Then 


x+y 5 x-y ; Z\2 
an 1 =( ; ) +( 5 ) 4+2(5) J 
(b) Every positive integer is either of the form a* + b* + c? or a? + b? + 2c’, where a, 
b, c are integers. 
[Hint: If n > 0 cannot be written as a sum a? + b* +c’, then it is of the form 
4”(8k + 7). Apply part (a) to the odd integer 8k + 7.] 
(c) Every positive integer is of the form a” + b? — c*, where a, b, c are integers. 
[Hint: Given n > 0, choose a such that n — a” is a positive odd integer and use 
Theorem 13.4.] 


. Establish the following: 


(a) No integer of the form 9k + 4 or 9k + 5 can be the sum of three or fewer cubes. 
(Hint: Notice that a? = 0, 1, or 8 (mod 9) for any integer a.] 

(b) The only prime p that is representable as the sum of two positive cubes is p = 2. 
[Hint: Use the identity 


abi +b? =(a+b)\((a — by +ab).] 


(c) A prime p can be represented as the difference of two cubes if and only if it is of the 
form p = 3k(k + 1) + 1, for some k. 
Express each of the primes 7, 19, 37, 61, and 127 as the difference of two cubes. 
Prove that every positive integer can be represented as a sum of three or fewer triangular 
numbers. 
[Hint: Given n > O, express 8n + 3 as asum of three odd squares and then solve for n.] 
Show that there are infinitely many primes p of the form p = a? + b* +c? +1, where 
a, b, c are integers. 
[Hint: By Theorem 9.8, there are infinitely many primes of the form p = 8k + 7. Write 
p—1=8k+6=a’?+b* +c? for some a, b, c.] 
Express the integers 231 = 3- 7-11, 391 = 17-23, and 2109 = 37 - 57 as sums of four 
Squares. 
(a) Prove that every integer n > 170 is a sum of five squares, none of which are equal 
to zero. 
[Hint: Write n — 169 = a? + b? +c? +d? for some integers a, b, c, d and consider 
the cases in which one or more of a, b, c is zero. ] 
(b) Prove that any positive multiple of 8 is a sum of eight odd squares. 
[Hint: Assuming n = a* + b? +c? +d’, then 8n + 8 is the sum of the squares of 
2a+1,2b+1,2c+1, and 2d + 1.] 
From the fact that n? = n (mod 6) conclude that every integer n can be represented as 
the sum of the cubes of five integers, allowing negative cubes. 
[Hint: Utilize the identity 


i S6han =C ly Hea 17 eee 


16. 


17. 


18. 
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Prove that every odd integer is the sum of four squares, two of which are consecutive. 
[Hint: For n > 0, 4n + 1 is a sum of three squares, only one being odd; notice that 
4n +1 = (2a)? + (2b + (2c +1) gives 2n+1l=(a+byP+(a—byYte7t+ 
(en) 

Prove that there are infinitely many triangular numbers that are simultaneously express- 
ible as the sum of two cubes and the difference of two cubes. Exhibit the representations 
for one such triangular number. 

[Hint: In the identity 


(27k°)? — 1 = (9k* — 3k)? + (9k? — 15% 
= (9k* + 3k) — (9k? + 17 
take k to be an odd integer to get 
(2n +1)? —1 = (2a) + (2b) = (2cy — ay 


or equivalently, 4, = a> +b? = c? — d>|] 

(a) If n — 1 andn + 1 are both primes, establish that the integer 2n? + 2 can be repre- 
sented as the sum of 2, 3, 4, and 5 squares. 

(b) Illustrate the result of part (a) in the cases in which n = 4, 6, and 12. 


CHAPTER 
FIBONACCI NUMBERS 


... What is physical is subject to the laws of mathematics, and what is 
spiritual to the laws of God, and the laws of mathematics are but the 
expression of the thoughts of God. 

THOMAS HILL 


14.1 FIBONACCI 


Perhaps the greatest mathematician of the Middle Ages was Leonardo of Pisa (1180-— 
1250), who wrote under the name of Fibonacci—a contraction of “‘filius Bonacci,” 
that is, Bonacci’s son. Fibonacci was born in Pisa and educated in North Africa, 
where his father was in charge of a customhouse. In the expectation of entering 
the mercantile business, the youth traveled about the Mediterranean visiting Spain, 
Egypt, Syria, and Greece. The famous Liber Abaci, composed upon his return to Italy, 
introduced the Latin West to Islamic arithmetic and algebraic mathematical practices. 
A briefer work of Fibonacci’s, the Liber Quadratorum (1225), is devoted entirely 
to Diophantine problems of second degree. It is regarded as the most important 
contribution to Latin Middle-Ages number theory before the works of Bachet and 
Fermat. Like those before him, Fibonacci allows (positive) real numbers as solutions. 
One problem, for instance, calls for finding a square that remains square when 
increased or decreased by 5; that is, obtain a simultaneous solution to the pair of 
equations x7 + 5 = y*, x7 — 5 = z”, where x, y, z are unknowns. Fibonacci gave 
41/12 as an answer, for 


(41/12)? +5 =(49/12)*, (41/12)? — 5 = (31/12) 
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Leonardo of Pisa (Fibonacci) 
(1180-1250) 


(David Eugene Smith Collection, Rare Book and 
Manuscript Library, Columbia University) 


Also noteworthy is the remarkably accurate estimate in 1224 of the only real root 
of the cubic equation x? + 2x? + 10x = 20. His value, in decimal notation, of 
1.3688081075 ..., is correct to nine decimal places. 

Christian Europe became acquainted with the Hindu-Arabic numerals through 
the Liber Abaci, which was written in 1202 but survives only in a revised 1228 
edition. (The word “Abaci” in the title does not refer to the abacus, but rather means 
counting in general.) Fibonacci sought to explain the advantages of the Eastern 
decimal system, with its positional notation and zero symbol, “in order that the 
Latin race might no longer be deficient in that knowledge.” The first chapter of his 
book opens with the following sentence: 


These are the nine figures of the Indians: 
9 8 7 65 4 3 2 J 


With these nine figures, and with this sign 0... any number may 
be written, as will be demonstrated. 


General acceptance of the new numerals had to wait for another two centuries. 
In 1299, the city of Florence issued an ordinance forbidding merchants from us- 
ing the Arabic symbols in bookkeeping, ordering them either to employ Roman 
numerals or to write out numerical words in full. The decree was probably due to 
the great variation in the shapes of certain digits—some quite different from those 
used today—and the consequent opportunity for ambiguity, misunderstanding, and 
outright fraud. While the zero symbol, for instance, might be changed to a 6 or a9, 
it is not so easy to falsify Roman numerals. 

It is ironic that, despite his many achievements. Fibonacci is remembered today 
mainly because the 19th century number theorist Edouard Lucas attached his name 
to a certain infinite set of positive integers that arose in a trivial problem in the Liber 
Abaci. This celebrated sequence of integers 


1g S52; 35.9; 8;.10, 215.94; Js 094k 


occurs in nature in a variety of unexpected ways. For instance, lilies have 3 petals, 
buttercups 5, marigolds 13, asters 21, while most daisies have 34, 55, or 89 petals. 
The seeds of a sunflower head radiate from its center in two families of interlaced 
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spirals, one winding clockwise and the other counterclockwise. There are usually 
34 spirals twisting clockwise and 55 in the opposite direction, although some large 
heads have been found with 55 and 89 spirals present. The number of whorls of scale 
of a pineapple or a fir cone also provides excellent examples of numbers appearing 
in Fibonacci’s sequence. 


14.2 THE FIBONACCI SEQUENCE 


In the Liber Abaci, Fibonacci posed the following problem dealing with the number 
of offspring generated by a pair of rabbits conjured up in the imagination: 


A man put one pair of rabbits in a certain place entirely surrounded by a wall. How 
many pairs of rabbits can be produced from that pair in a year, if the nature of these 
rabbits is such that every month each pair bears a new pair which from the second 
month on becomes productive? 


Assuming that none of the rabbits dies, then a pair is born during the first month, 
so that there are two pairs present. During the second month, the original pair has 
produced another pair. One month later, both the original pair and the firstborn pair 
have produced new pairs, so that three adult and two young pairs are present, and 
so on. (The figures are tabulated in the chart below.) The point to bear in mind is 
that each month the young pairs grow up and become adult pairs, making the new 
“adult” entry the previous one plus the previous “young” entry. Each of the pairs 
that was adult last month produces one young pair, so that the new “young” entry is 
equal to the previous “adult” entry. 
When continued indefinitely, the sequence encountered in the rabbit problem 


Led 2..95 95-05-1352) 9499;.89 1442533.) oes 


is called the Fibonacci sequence and its terms the Fibonacci numbers. The position 
of each number in this sequence is traditionally indicated by a subscript, so that 
uy = 1, u2 = 1, uz = 2, and so forth, with uv, denoting the nth Fibonacci number. 


Growth of rabbit colony 


Months Adultpairs Young pairs Total 


1 1 1 Z 
2 Z f 3 
3 3 2 5 
4 5 3 8 
5 8 2) 13 
6 13 8 21 
7 21 13 34 
8 34 21 =) 
9 55 34 89 
10 89 mp) 144 
11 144 89 233 


12 233 144 377 
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The Fibonacci sequence exhibits an intriguing property, namely, 


2=1+1 or u3=Uo+ Uy 
3=2+1 or U4 = U3 + Up 
5=342 or us =u4t+ U3 

=5+3 or U6 = Us + ug 


By this time, the general rule of formulation should be discernible: 
uj; =u2= 1 Un = Un—| + Un? forn > 3 


That is, each term in the sequence (after the second) is the sum of the two that 
immediately precede it. Such sequences, in which from a certain point on every 
term can be represented as a linear combination of preceding terms, are said to be 
recursive sequences. The Fibonacci sequence is the first known recursive sequence 
in mathematical work. Fibonacci himself was probably aware of the recursive nature 
of his sequence, but it was not until 1634—by which time mathematical notation had 
made sufficient progress—that the formula appeared in a posthumously published 
paper by Albert Girard. 

The Fibonacci numbers grow rapidly. A result indicating this behavior is that 
Usni2 > 10” forn > 1, so that 


uz > 10, uy > 100, uy7> 1000, uo > 10000... 


The inequality can be established using induction on n, the case n = 1 being obvious 
because u7 = 13 > 10. Now assume that the inequality holds for an arbitrary integer 
n; we wish to show that it also holds for n + 1. The recursion rule uz = uz_) + uz_r 
can be used several times to express U5(n41)42 = Usn+7 in terms of previous Fibonacci 
numbers to arrive at 


Usn47 = 8Usn42 + SUsn+1 
> 8uUsn+2 at 2(Usn+1 + Usn) 
= 10Usn42 > 10-10" = 10"*! 
completing the induction step and the argument. 
It may not have escaped attention that in the portion of the Fibonacci sequence 


that we have written down, successive terms are relatively prime. This is no accident, 
as is now proved. 


Theorem 14.1. For the Fibonacci sequence, gcd(uy, , un+1) = 1 for everyn > 1. 


Proof. Let us suppose that the integer d > 1 divides both u,, and u,4,. Then their 
difference uy»+1 — Uy, = Uy— is also divisible by d. From this and from the relation 


FIBONACCI NUMBERS 287 


Un — Un—| = Upn—2, it may be concluded that d | u,_2. Working backward, the same 
argument shows that d | u,—3, d|uy,—4,..., and finally that d|u,. But wu; = 1, which 
is certainly not divisible by any d > 1. This contradiction ends our proof. 


Because u3 = 2,us = 5,u7 = 13,andu,,; = 89 are all prime numbers, we might 
be tempted to guess that u, is prime whenever the subscript n > 2 is a prime. This 
conjecture fails at an early stage, for a little figuring indicates that 


ujg = 4181 = 37- 113 


Not only is there no known device for predicting which u, are prime, but it is not 
even certain whether the number of prime Fibonacci numbers is infinite. Nonetheless, 
there is a useful positive result whose cumbersome proof is omitted: For any prime 
p, there are infinitely many Fibonacci numbers that are divisible by p and these are 
all equally spaced in the Fibonacci sequence. To illustrate, 3 divides every fourth 
term of the Fibonacci sequence, 5 divides every fifth term, and 7 divides every eighth 
term. 

With the exception of u1, U2, us, and u,2, each Fibonacci number has a “new” 
prime factor; that is, a prime factor that does not occur in any Fibonacci number 
with a smaller subscript. For example, 29 divides u;4 = 377 = 13 - 29, but divides 
no earlier Fibonacci number. 

As we know, the greatest common divisor of two positive integers can be found 
from the Euclidean Algorithm after finitely many divisions. By suitably choosing 
the integers, the number of divisions required can be made arbitrarily large. The 
precise statement is this: Given n > 0, there exist positive integers a and b such 
that to calculate gcd(a , b) by means of the Euclidean Algorithm exactly n divisions 
are needed. To verify the contention, it is enough to let a = uyj42 and b= upn4}. 
The Euclidean Algorithm for obtaining gcd(uyj42, uUn+1) leads to the system of 
equations 


Uni2 = 1. Uns) + Un 


Unt) = 1. Un + Un—1 


U4 =1l-uz;+u 
u3=2-u,+0 


Evidently, the number of divisions necessary here is n. The reader will no doubt 
recall that the last nonzero remainder appearing in the algorithm furnishes the value 
of gcd(Un42, Uns 1). Hence, 


gcd(un+2,Un+1) = U2 = 1 


which confirms anew that successive Fibonacci numbers are relatively prime. 
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Suppose, for instance, that n = 6. The following calculations show that we need 
6 divisions to find the greatest common divisor of the integers ug = 21 and u7 = 13: 


21=1-13+8 
13=1-8+4+5 
§=1-5+3 
5=1-34+2 
SS 18 2-F4 
2=2-1+0 


Gabriel Lamé observed in 1844 that if m division steps are required in the Euclidean 
Algorithm to compute gcd(a,b), where a>b>0, then a > uyj42,b = unit. 
Consequently, it was common at one time to call the sequence u,, the Lamé sequence. 
Lucas discovered that Fibonacci had been aware of these numbers six centuries ear- 
lier; and, in an article published in the inaugural volume (1878) of the American 
Journal of Mathematics, he named it the Fibonacci sequence. 

One of the striking features of the Fibonacci sequence is that the greatest common 
divisor of two Fibonacci numbers is itself a Fibonacci number. The identity 


Umtn = Um-1Un + UmUn+1 (1) 


is central to bringing out this fact. For fixed m > 2, this identity is established by 
induction on n. When n = 1, Eq. (1) takes the form 


Umt1 = Um—1U, + Umu2 = Um—-1 + Um 
which is obviously true. Let us therefore assume that the formula in question holds 
when n is one of the integers 1, 2,..., & and try to verify it when n = k + 1. By the 


induction assumption, 


Um+tk = Um—lUK + UmUKLI 


Um+(k—1) = Um—1Ug—1 + UmU 
Addition of these two equations gives us 
Um+k + Um+(k—-1) = Um—-1Uk + Uk-1) + Um (Ue¢1 + Uk) 


By the way in which the Fibonacci numbers are defined, this expression is the same 
as 


Um+(k+1) = Um—1Ug41 + UmUK42 


which is precisely Eq. (1) with n replaced by & + 1. The induction step is thus 
complete and Eq. (1) holds for all m > 2 andn > 1. 
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One example of Eq. (1) should suffice: 
Ug = U643 = Usu3 +uUgu4 =5-24+8-3 = 34 
The next theorem, aside from its importance to the ultimate result we seek, has an 
interest all its own. 


Theorem 14.2. Form > 1, > 1, Umy is divisible by up. 


Proof. We again argue by induction on n, the result being certainly true whenn = 1. For 
our induction hypothesis, let us assume that u,,,, is divisible by u, forn = 1,2,...,k. 
The transition to the case Um(.+1) = Umk+m 1S realized using Eq. (1); indeed, 


Um(k+1) = Umk—-1Um + UmkUmt+1 


Because uy, divides u,,. by supposition, the right-hand side of this expression (and, 
hence, the left-hand side) must be divisible by u,,. Accordingly, Up | Umck+1), Which 
was to be proved. 


Preparatory to evaluating gcd(u,, , u,), we dispose of a technical lemma. 
Lemma. If m = qn-+r, then gcd(u», , un) = gcd(u; , Uy). 


Proof. To begin with, Eq. (1) allows us to write 
gcd(Um »Un) = gcd(ugn+r , Un) 
= gcd(ugn—1Ur + UgnUr+1 » Un ) 


An appeal to Theorem 14.2 and the fact that gcd(a +c, b) = gcd(a, b), whenever b | c, 
gives 


gcd(ugn—1Uy + UgnUr+1 » Un) = gcd(ugn—1U, , Un) 


Our claim is that gcd(ugn_—1 , Un) = 1. To see this, set d = gcd(ugn—| , Un). The 
relations d|u, and uy, |Ugn imply that d|u,,, and therefore d is a (positive) com- 
mon divisor of the successive Fibonacci numbers ug,—, and ugn. Because successive 
Fibonacci numbers are relatively prime, the effect of this is that d = 1. 

To finish the proof, the reader is left the task of showing that whenever gcd(a , c) = 
1, then gcd(a , bc) = gcd(a, b). Knowing this, we can immediately pass on to 


gcd(um , Un) = gcd(ugn— Uy ,Un) = gcd(u; , Un) 


the desired equality. 


This lemma leaves us in the happy position in which all that is required is to put 
the pieces together. 


Theorem 14.3. The greatest common divisor of two Fibonacci numbers is again a 
Fibonacci number; specifically, 


gcd(Um ,Un) = Ug where d = gcd(m,n) 
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Proof. Assume that m > n. Applying the Euclidean Algorithm to m and n, we get the 
following system of equations: 


m=qn+nr O<r,<n 

n= qr, +r2 O<rm <r, 

ry = qQ3ra tr; O<7r3<Pro 
'n—2 = Gntn-1 + Tn O<Ty < ln-1 


Mn—1 = Qn+iln + 0 
In accordance with the previous lemma, 
gcd(um ’ Un) = gcd(u,, ’ Un) = gcd(u,, ’ Ur, ) a tes gcd(u,,_, ’ U,, ) 


Because r, | fn—1, Theorem 14.2 tells us that u,, |u,,_,, whence gcd(u,,_, , u;,) = Uy,. 
But r,,, being the last nonzero remainder in the Euclidean Algorithm for m and n, is 
equal to gcd(m , n). Tying up the loose ends, we get 

gcd(um ,Un) = Ugcd(m ,n) 


and in this way the theorem is established. 


It is interesting to note that the converse of Theorem 14.2 can be obtained from 
the theorem just proved; in other words, if u, is divisible by u,,, then we can conclude 
that n is divisible by m. Indeed, if u,, | u,, then gcd(um , Un) = Um. But according to 
Theorem 14.3, the value of gcd(u,, , u,) must be equal tO Ugcan ny). The implication 
of all this is that gcd(m ,n) = m, from which it follows that m |n. We summarize 
these remarks in the following corollary. 


Corollary. In the Fibonacci sequence, uv», | u, if and only if m|n forn > m > 3. 


A good illustration of Theorem 14.3 is provided by calculating gcd(uj6, uj2) = 
gcd(987 , 144). From the Euclidean Algorithm, 
987 = 6- 144+ 123 
144=1-123421 
123 =35-21+ 18 
21=1-18+3 
18 =6-3+4+0 


and therefore gcd(987 , 144) = 3. The net result is that 
gcd(ui6 , U2) = 3 = U4 = Ugea(16 ,12) 


as asserted by Theorem 14.3. 

When the subscript > 41s composite, then uv, will be composite. Forifn = rs, 
where r > s > 2, the last corollary implies that u,|u, and u,|u,. To illustrate: u4|u29 
and u5|29 or, phrased differently, both 3 and 5 divide 6765. Thus, primes can occur 
in the Fibonacci sequence only for prime subscripts—the exceptions being uz = 1 
and u4 = 3. But when p is prime, u, may very well be composite, as we saw with 
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ujg = 37 - 113. Prime Fibonacci numbers are somewhat sparse; only 25 of them are 
presently known, the largest being the 1946-digit 19311. 

Let us present one more proof of the infinitude of primes, this one involv- 
ing Fibonacci numbers. Suppose that there are only finitely many primes, say r 
primes 2,3,5,..., p,, arranged in ascending order. Next, consider the correspond- 
ing Fibonacci numbers uz, v3, Us, ..., Upy,. According to Theorem 14.3, these are 
relatively prime in pairs. Exclude uz = 1. Each of the remaining r — 1 numbers is 
divisible by a single prime with the possible exception that one of them has two 
prime factors (there being only r primes in all). A contradiction occurs because 
u37 = 73 - 149-2221 has three prime factors. 


PROBLEMS 14.2 


1. Given any prime p #5, it is known that either up,_) Or Up+1 1s divisible by p. Confirm 
this in the cases of the primes 7, 11, 13, and 17. 
2. Forn = 1,2,..., 10, show that 5u? + 4(—1)" is always a perfect square. 
3. Prove that if 2 | u,,, then 4 | (ur, — u>_,); and similarly, if 3 | u,, then 9 | (up 4) — u>_,). 
4. For the Fibonacci sequence, establish the following: 
(a) Un+3 = Uy (mod 2), hence u3, Ue, Ug, ... are all even integers. 
(b) Un+5 = 3u, (mod 5), hence us, uj9, U15,... are all divisible by 5. 
5. Show that the sum of the squares of the first n Fibonacci numbers is given by the formula 


2 2 2 2 
Uy uy U3 ++ FU = UnUy+1 


[Hint: For n > 2, ur = UpUy4] — UnUy—1.] 
6. Utilize the identity in Problem 5 to prove that for n > 3 


wey =U, + 3un_) + 2up_ +up_3 +--+ +u54+uj) 


7. Evaluate gcd(ug , u12), gcd(uj5 , 29), and gcd(u4 , U36). 
. Find the Fibonacci numbers that divide both u4 and u3¢. 
9. Use the fact that u,, | u, if and only if m |n to verify each of the assertions below: 

(a) 2|u, if and only if 3 |n. 
(b) 3|u, if and only if 4|n. 
(c) 4|u, if and only if 6|n. 
(d) 5|u, if and only if 5 |n. 

10. If gcd(m ,n) = 1, prove that u,,u, divides Uy», for all m,n > 1. 

11. It can be shown that when u,, is divided by u,,(n > m), then the remainder r is a Fibonacci 
number or uy, — r is a Fibonacci number. Give examples illustrating both cases. 

12. It was proved in 1989 that there are only five Fibonacci numbers that are also triangular 
numbers. Find them. 

13. Forn > 1, prove that 2”~'u, =n (mod 5). 
[Hint: Use induction and the fact that 2”u,4.; = 2(2”~!u,) + 4(2"-*uy_1).] 

14. If u, <a < Uni, < D < Uny42 for some n > 4, establish that the sum a + Db cannot be 
a Fibonacci number. 

15. Prove that there is no positive integer n for which 


Uy +ug +u3+---+ U3, = 16! 
[Hint: By Wilson’s theorem, the equation is equivalent to u3,42 = 0 (mod 17). Because 
17 | ug, 17 | um if and only if 9|m.] 


16. If 3 divides n + m, show that Uy —|Un + Un—mUn+1 1S an even integer. 
17. For n > 1, verify that there exist n consecutive composite Fibonacci numbers. 


CO 
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18. Prove that 9 | u,,424 if and only if 9 | uy. 

[Hint: Use Eq. (1) to establish that uyn424 = uy, (mod 9).] 
19. Use induction to show that uz, = n(—1)"t! (mod 5) forn > 1. 
20. Derive the identity 


Unt3 = 3Unt1 — Un-1 n>2 


[Hint: Apply Eq. (1).] 


14.3. CERTAIN IDENTITIES INVOLVING FIBONACCI NUMBERS 


We move on and develop several of the basic identities involving Fibonacci numbers; 
these should be useful in doing the problems at the end of the section. One of the 
simplest asserts that the sum of the first n Fibonacci numbers is equal to u,42 — |. 
For instance, when the first eight Fibonacci numbers are added together, we obtain 


Leal 23 a 8 1S 21 4 SS Sig Hl 
That this is typical of the general situation follows by adding the relations 
Uj = U3 — U2 
U2 = U4 — U3 


U3 = Us — U4 


Un—| = Unt — Un 
Un = Un+2 — Un+i1 
On doing so, the left-hand side yields the sum of the first n Fibonacci numbers, 


whereas on the right-hand side the terms cancel in pairs leaving only uy,+2 — u2. But 
u2 = |. The consequence is that 


Uy + U2 + U3 +++ + Uy = Uny2 — 1 (2) 
Another Fibonacci property worth recording is the identity 
Uy = Uny1Un—1 + (—-1)"! (3) 


This may be illustrated by taking, say, n = 6 and n = 7; then 

ue = 8 = 13-5—l=uzus —1 

us = 137 = 21-841 =ugug +1 
The plan for establishing Eq. (3) is to start with the equation 

Uz — Unp1Un—1 = Un(Un—1 + Un—2) — Ung1Un-1 
= (Un — Unti)Un—1 + Unuln—2 
From the rule of formation of the Fibonacci sequence, we have uyj+1 = Up + Un—1, 
and so the expression in parentheses may be replaced by the term —u,_; to produce 
Uy — Un41Un—1 = (—1)(u,_) — UnUln—2) 


The important point is that except for the initial sign the right-hand side of this 
equation is the same as the left-hand side, but with all the subscripts decreased by 1. 
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By repeating the argument u2_, — u,uUn—2 can be shown to be equal to the expression 


(—1)(u2_, — Un—1Un—3), whence 
Ur — Un+iUn—1 = (—1)?(ue_5 — Un—1Un—3) 
Continue in this pattern. After n — 2 such steps, we arrive at 
ur — Un+1Un-1 = (—1)"-7(u3 = U3) 
=(-1°7(0? -2-D=(-1"7 


which we sought to prove. 
For n = 2k, Eq. (3) becomes 


2 
Ud, = U241U2%-1 — I (4) 


While we are on the subject, we might observe that this last identity is the basis of 
a well-known geometric deception whereby a square 8 units by 8 can be broken up 
into pieces that seemingly fit together to form a rectangle 5 by 13. To accomplish 
this, divide the square into four parts as shown below on the left and rearrange them 
as indicated on the right. 


8 


3 


5 
By 5 
13 d 


The area of the square is 8* = 64, whereas that of the rectangle that seems to 
have the same constituent parts is 5 - 13 = 65, and so the area has apparently been 
increased by 1 square unit. The puzzle is easy to explain: The points a, b, c, d do not 
all lie on the diagonal of the rectangle, but instead are the vertices of a parallelogram 
whose area, of course, is exactly equal to the extra unit of area. 

The foregoing construction can be carried out with any square whose sides are 
equal to a Fibonacci number u2;,. When partitioned in the manner indicated 


Ud; 


U2~-2 


Ud] 


Udk—] 
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the pieces may be reformed to produce a rectangle having a slot in the shape of a 
slim parallelogram (our figure is greatly exaggerated): 


Ur, UdK-] 


Ud] 


U2k+] 


The identity u2,—jU2%4; —1= US, may be interpreted as asserting that the area of 
the rectangle minus the area of the parallelogram is precisely equal to the area of the 
original square. It can be shown that the height of the parallelogram—that is, the 
width of the slot at its widest point—is 


J 


9 2 
Ux, + Ux, 5 


When wu; has a reasonably large value (Say, u2, = 144, so that u2,2 = 55), the slot 
is SO narrow that it is almost imperceptible to the eye. 


The First 50 Fibonacci Numbers 


uy 1 u26 121393 
u2 1 u27 196418 
U3 2 u28 317811 
U4 3 u29 514229 
U5 5 U30 832040 
U6 8 U3] 1346269 
uz 13 u32 2178309 
Ug 21 U33 3524578 
Ug 34 U34 5702887 
10 55 U35 9227465 
Uj 89 U36 14930352 
u42 144 U37 24157817 
U43 233 U38 39088169 
u14 377 u39 63245986 
U15 610 U40 102334155 
U16 987 U4] 165580141 
u17 1597 U4? 267914296 
U18 2584 u43 433494437 
19 4181 U44 701408733 
U0 6765 U45 1134903170 
ur 10946 UG 1836311903 
u22 17711 U47 2971215073 
U3 28657 U4g 4807526976 
u24 46368 u49 7778742049 


u25 75025 us0 12586269025 
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There are only three Fibonacci numbers known that are squares (uj = U2 = 1, uUj2 = 
127) and only three that are cubes (u; = uz = 1, ug = 2°). Five of them are triangular 
numbers, namely, uw; = uz = 1, u4 = 3, ug = 21, and uj9 = 55. Also, no Fibonacci 
number is perfect. 

The next result to be proved is that every positive integer can be written as a 
sum of distinct Fibonacci numbers. For instance, looking at the first few positive 
integers: 


J=u, S$ =uU5=—uU4t+ U3 

2 = U3 6=ustuy=—u4tu3+uy 

3= U4 T=ustu3=u4tuztu.t+uy 
4=u4t+uy S=uUg =U5+ U4 


It will be enough to show by induction onn > 2 that each of the integers 1, 2,3,..., 
u, — 1isasum ofnumbers from the set {u1, v2, ..., Un—2}, none repeated. Assuming 
that this holds forn = k, choose N with u, —1< N < uxz41. Because N — uz_| < 
Uk+1 — UgR—1 = Ux, We infer that the integer N — ux_, is representable as a sum of 


distinct numbers from {uv 1, v2, ..., Uz—2}. Then N and, in consequence, each of the 
integers 1, 2,3,..., x4; — 1 can be expressed as a sum (without repetitions) of 
numbers from the set {u1, U2, ..., Ux_2, Uz_1}. This completes the induction step. 


Because two consecutive members of the Fibonacci sequence may be combined 
to give the next member, it is superfluous to have consecutive Fibonacci numbers 
in our representation of an integer. Thus, uv, + uxz_; is replaced by uz4; whenever 
possible. If the possibility of using uw, is ignored (because uw also has the value 1), 
then the smallest Fibonacci number appearing in the representation is either u2 or 
u3. We arrive at what is known as the Zeckendorf representation. 


Theorem 14.4. Any positive integer N can be expressed as a sum of distinct Fibonacci 
numbers, no two of which are consecutive; that is, 
N = ug, + uy +--+ + up 
where k; > 2 andkj4,; >k; +2 for j =1,2,...,r—1. 
When representing the integer VN, whereu, < N < u;1,,aSasum of nonconsec- 
utive Fibonacci numbers, the number u, must appear explicitly. If the representation 
did not contain u,, then even if all the admissible Fibonacci numbers were used their 


sum would not add up to N. For when r is even, say r = 2s, we have the easily 
established identity 


U3 + us +7 tess + los] = ag —L =u, —1 
whereas if r is odd, say r = 2s + 1, then 
U2 +g +uet---+ les =Uas-1 —-L=u,—-1 


In either case, the resulting sum is less than NV. Any other Zeckendorf represen- 
tation would not have a sum large enough to reach u, — 1. 
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To take a simple example, pick N = 50. Here, uo < 50 < ujg and the 
Zeckendorf representation is 


50 = ug +u7+ uo 


In 1843, the French mathematician Jacques-Philippe-Marie Binet (1786-1856) 
discovered a formula for expressing u, in terms of the integer n; namely, 


a [) C54) 


This formula can be obtained by considering the two roots 


1+ /5 1- V5 
= 5 and p= 


of the quadratic equation x” — x — 1 = 0. As roots of this equation, they must satisfy 


a=at+l and p*=6+4+1 


When the first of these relations is multiplied by w”, and the second by 6”, the result 
1S 


qt = qg?t! aif gy” and pre = iia a p" 
Subtracting the second equation from the first, and dividing by a — B, leads to 


gnt2 ae oer gtt! a pS gg”? — B 
i ee 
a—Bp a—p a— Bp 
If we put H, = (a” — B")/(a — B), the previous equation can be restated more 
concisely as 


An42 = An+1 + An n> \ 
Now notice a few things about a and B: 
atp=1 a—-pa=v5 ap = —1 
Hence, 


= 2 p2 
H, = alan a] Hy = aE 
a— Bp a— B 
What all this means is that the sequence H,, Hz, H3, --- is precisely the Fibonacci 
sequence, which gives 


=a+B=1 


7 qt — p” 
=a 
With the help of this rather awkward-looking expression for u, known as the 


Binet formula, it is possible to derive conveniently many results connected with the 
Fibonacci numbers. Let us, for example, show that 


Un n>1 


2 o> 
Unig — UW = Uon42 
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As we start, recall that a8 = —1 which has the immediate consequence that 
(aB)** = 1 fork > 1. Then 


; ; gtt2 _ grt2 2 a” — Br 2 
Haan = ( a— p eas 


(a — py (a — B)? 
22) + Brn+2) - q2n = p 
7 (a — py 


Now the expression in the numerator may be rewritten as 
2(n+2 29 2 Q2 2(n+2 2 2\¢,2n+2 2n+2 
a — (arya — (By B™ + BOTY = (a? — BY(a™™ — BE) 
On doing so, we get 


(a? = B?)(a2" +4 _ po) 


Wn 4o a ; a (a iz By 
qt 2. per 
= (a+ PB) (—— 


= 1 + Uons42 = Uons2 


For a second illustration of the usefulness of the Binet formula, let us once again 
derive the relation W2n41U2,-1 — 1 = u5,,. First, we calculate 


2n+1 _— Q2n+1 2n—1 __ Q2n-1 
loqlon=i = LS (—_ P ) (—-— — | 
J/5 J/5 


= (a 4. po _ (ap)?! oe? _ (ap)"—' p? -_ 5) 


= (a Apr da aR y=) 


Because a” + * = 3, this last expression becomes 


(a a Be -_ 2) = (a atts pe _ 2(aB)°") 


a2” _ Bp" 2 5 
(CGP) oa 


leading to the required identity. 
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The Binet formula can also be used to obtain the value of Fibonacci numbers. 
The inequality 0 < |8| < 1 implies that |B”| = |6|” < 1 forn > 1. Hence 


n gg? — p" Q” 
WS (OS 
il + J! 
5 V5 


which indicates that u, is the nearest integer to “= wa For instance, * aa ~~ 377, wee 


Q 


we 


un — 


tells us that the Fibonacci number u)4 = 377. Similarly, u;5 = 610 because ° oi 
609.9996. Our result can be viewed as asserting that u, is the largest integer not 
exceeding i + 7 or expressed in terms of the greatest integer function, 


We conclude this section with two theorems concerning prime factors of 
Fibonacci numbers. The first shows that every prime divides some Fibonacci number. 
Because 2 | u3, 3 | u4, and 5 | us, it suffices to consider those primes p > 5. 


Theorem 14.5. For a prime p > 5, either p | u,_, or p | Up41, but not both. 


Proof. By Binet’s formula, up, = (a? — B”)//5. When the pth powers of a and B 
are expanded by the binomial theorem, we obtain 


up = ss E + (‘) V5 + (5) 5+ (3) 575 0+ (°) sires] 
sal (+0) Qasr 
= sr | (7) + (8) 5+ (2) r++ (2) 50>? | 


Recall that (?) = 0 (mod p) for 1 < k < p — 1,andalso2?~! = 1 (mod p). These 
facts allow us to write the expression for u, more simply as 


Uy = 2? uy = (") 50P—D/2 — 5(P—-D/? (mod p) 


Theorem 9.2 then yields up = (5/p) = +1 (mod p), so that u*, = 1 (mod p). The 
final touch is to treat the familiar identity u%, = up—jup41 + (—1)? | as a congruence 
modulo p, thereby reducing it to up_jup41 =O (mod p). This, however, is just the 
statement that one of u,_; and u p+, is divisible by p. Because gcd(p — 1, p+ 1) = 2, 
Theorem 14.3 tells us that 

gcd(up-1,Up4+1) = U2 = 1 


and the pieces of the theorem are established. 


We should point out that p — 1 or p + 1 is not necessarily the smallest subscript 
of a Fibonacci number divisible by p. For instance, 13 | u14, but also 13 | uz. 
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Having considered a divisibility feature of u,_; or up+1, We next turn to up, 
where p is a prime. Of course, u, could itself be prime as with us = 5 and u7 = 13. 
There are several results dealing with the composite nature of certain u,. We conclude 
the section with one of these. 


Theorem 14.6. Let p > 7 be a prime for which p = 2(mod 5), or p = 4 (mod 5). If 
2p — 11s also prime, then 2p — l1|up. 


Proof. Suppose that p has the form 5k + 2 for some k. The starting point is to square 
the formula u, = (a? — B”)//5, then expand a? and 67? by the binomial theorem 


to get 
] 2p 2p 2p 
2 | ! 2 Nl P| 4 
Sus = aps! (7) (7) - (7) | : 


Observe that ) = (0 (mod 2p — 1) for 2 < k < 2p — 1 while, because 2p — | is 
prime, 27?-! = 2 (mod 2p — 1). This enables us to reduce the expression for u*, to 


2(5u,)” = (1+ 5") + 4 (mod 2p — 1) 
or simply, to 2u%, = 1 + 5?~!(mod 2p — 1). Now 
SP} — 5@P-2/2 = (5/2p — 1) (mod 2p — 1) 
From Theorems 9.9 and 9.10, it is easy to see that 
(5/2p — 1) = 2p — 1/5) = (0k + 3/5) = G/5) = -1 


Last, we arrive at 2u*, = 1+ (—1) = 0(mod 2p: — 1), from whichit may be concluded 
that 2p — 1 divides u,. The case p = 4 (mod 5) can be handled in much the same way 
upon noting that (2/5) = —1. 


As illustrations, we mention u;9 = 37 - 113, where 19 = 4 (mod 5); and u37 = 
73 - 330929, where 37 = 2 (mod 5). 

The Fibonacci numbers provide a continuing source of questions for investi- 
gation. Here is a recent result: the largest Fibonacci number that is the sum of two 
factorials is uj> = 144 = 4! + 5!. 


PROBLEMS 14.3 


1. Using induction on the positive integer n, establish the following formulas: 
(a) Uy + 2u2 + 3u3 +--+ + nu, = (n + I)ung2 — Unya + 2. 
(b) U2 + 2u4 + 3g +--+ + N27 = NU2741 — Von. 
2. (a) Show that the sum of the first n Fibonacci numbers with odd indices is given by the 


formula 
Uy + U3 + U5 + +++ + Uan-1 = Urn 
[Hint: Add the equalities uv) = uz, U3 = U4 — U2, Us = U6 — Ug, ...-] 
(b) Show that the sum of the first n Fibonacci numbers with even indices is given by the 
formula 


U2 + ug +g + +++ + Uap = Urns — | 


[Hint: Apply part (a) in conjunction with identity in Eq. (2).] 
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11. 


12. 
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(c) Derive the following expression for the alternating sum of the first n > 2 Fibonacci 
numbers: 


My — U2 tu3—ugt---+(-1) ue, = 14+ (-1)"* a) 


. From Eq. (1), deduce that 


= 2 Sie, ee 
Urn—-1 =U + Uy _, Ur =U, —Up_y n> 


. Use the results of Problem 3 to obtain the following identities: 


(a) ue sg oe = 2uan_1,n = 3. 
(b) Unga + up| = uy + U4) = 2. 


. Establish that the formula 


2 2 
UnUn—| =U, —ue_, +(—1)" 


holds for n > 2, and use this to conclude that consecutive Fibonacci numbers are 
relatively prime. 


. Without resorting to induction, derive the following identities: 


(a) a — 4u,Un_| = Ue, n> 3. 
[Hint: Start by squaring both u,_2 = uy, — Un—; aNd Uny, = Uy_ + Uy_1.] 
(b) Un+1Uun—-1 — Un42Uun-2 = Ds an ee n > 3. 
[Hint: Put Ups2 = Unr, + Un, Un—2 = Un — Uy_, and use Eq. (3).] 
(c) u2 — un42tn—2 = (—1)",n > 3. 
[Hint: Mimic the proof of Eq. (3).] 
(d) 02 — Un43un—3 = 4(-1)"*1,n > 4. 
(€) UnUn41Un43Un44 = ee —l,n>l. 
[Hint: By part (Cc), Un44un = uZ,,+(—1)"*', whereas by Eq. (3), Un41Un43 = 
u2 y+ (-1"?] 


. Represent the integers 50, 75, 100, and 125 as sums of distinct Fibonacci numbers. 
. Prove that every positive integer can be written as a sum of distinct terms from the 


sequence U2, U3, U4, ... (that is, the Fibonacci sequence with u, deleted). 


. Establish the identity 


(UnUn4+3)° 1 (Quin 41Un+2)” —= (w2n43)° n= | 


and use this to generate five primitive Pythagorean triples. 

Prove that the product uyjuy4,Un42Un+3 Of any four consecutive Fibonacci numbers is 
equal to the area of a Pythagorean triangle. 

[Hint: See the previous problem. ] 

From the Binet formula for Fibonacci numbers, derive the relation 


U9n+2U2n—1 — U2nU2n+1 = ] n= ] 


Forn > 1, show that the product u2,_1U2,45 can be expressed as the sum of two squares. 

[Hint: Problem 6(d).] 

(a) Prove that if p = 4k + 3 is prime, then p cannot divide a Fibonacci number with 
odd index; that is, p J) u2,_; for alln > 1. 
[Hint: In the contrary case, u? + u2_, = U2; =0 (mod p). See Problem 12, 
Section 5.3.] 

(b) From part (a) conclude that there are infinitely many primes of the form 4k + 1. 
[Hint: Consider the sequence {u,,}, where p > 5 is prime.] 


14. 


15. 


16. 


17. 


18. 


19. 


20. 


21. 


22. 
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Verify that the product u2,U2n42U2n+4 Of three consecutive Fibonacci numbers with even 
indices is the product of three consecutive integers; for instance, we have u4ugug = 
504 =7-8-9. 

[Hint: First show that u2,on44 = U5,49 — 1.] 

Use Eqs. (1) and (2) to show that the sum of any 20 consecutive Fibonacci numbers is 
divisible by uj. 

For n > 4, prove that u, + 1 is not a prime. 

[Hint: It suffices to establish the identities 


Ugg + 1 = Ur (UrK + U2%42) 
Uae + 1 = ogi (Uoe—1 + Ur2x41) 
Uge+2 + 1 = Ur.42(Ure41 + Ur2e-1) 
Uge+3 + 1 = Ur 41(Uoegi + U2K43)-] 


The Lucas numbers are defined by the same recurrence formula as the Fibonacci numbers, 
L,= Ln-1 + Ln-2 ne 3 


but with L; = 1 and Lz = 3; this gives the sequence 1, 3, 4, 7, 11, 18, 29, 47, 76, 123, 
199, 322, .... For the Lucas numbers, derive each of the identities below: 
(a) EL} +£o.+034+---+L£, = Lny2-—3,n > 1 
(b) Lb) + £3 +L5+---+ Loy) = Loa, —2,n = 1. 
(c) Lo + La + Le +e + Ly, = bons —I,n a 1. 
(d) L2 = LyyiLn-1 + 5(—1)",n = 2. 
(e:) L2+L34+L34+---+L2 =LyLny, —2,n > 1. 
(f) hg bea La haorn =o. 
Establish the following relations between the Fibonacci and Lucas numbers: 
(a) Ly = Un+1 Un) = Un + 2Un—1,n > 2. 
[Hint: Argue by induction on n.]| 
(b) Ly = Un42 — Un_2,n = 3. 
(Cc) Uy, =u,L,,n > 1. 
(d) Last + Ly-1 = Sun, n > 2. 
(e) L: = ur + 4Un4{Un_1,n > 2. 
(1) 2Um4n = UmLyn + Lmtn,m>1,n> 1. 
(g) gcd(u,, L,) =1or2,n > 1. 
Ifa = (1 + /5)/2 and 6B = (1 — V5)/2, obtain the Binet formula for the Lucas numbers 
L, =a" + B" n>] 
For the Lucas sequence, establish the following results without resorting to induction: 
(a) L? = Ly + 2(-1)",n = 1. 
(b) LnlLn+ 7. Lon+1 = (-1)’, n= 1. 
(c) L2 — Ly Lng, = 5(—-1)",n = 2. 
(d) La, +7(—-1)" = Ly-2bny2,n > 3. 
Use the Binet formulas to obtain the relations below: 
(a) L? —5u2 = 4(-1)",n > 1. 
(b) Lany1 = SUnuny) +(—1)",n = 1. 
(c) L? — u? = 4uy_jUnyi,n > 2. 
(d) Lin ln + 5SUmun = 2Lmin,m >1,n > 1. 
Show that the Lucas numbers Ly, Lg, Li6, L32,... all have 7 as the final digit; that is, 
Lan = 7 (mod 10) forn > 2. 
[Hint: Induct on the integer n and appeal to the formula Be = Loy, + 2(-1)".] 
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23. In 1876, Lucas discovered the following formula for the Fibonacci numbers in terms of 
the binomial coefficients: 


m= Co) Cr Care Gael 5) 


where j is the largest integer less than or equal to (n — 1)/2. Derive this result. 
[Hint: Argue by induction, using the relation u, = u,_; + Uy,—2; note also that 


m m— I m—1 
(7) =("e') #021): 
24. Establish that forn > 1, 


(a) # Uy + 4 uz + (5) a (") Un = Un, 
(b) — (i) Uy + (5) uz — (5) u3-+---+(—1)" (") Un = —Uy. 


[Hint: Use the Binet formula for u,,, and then the binomial theorem. ] 
25. Prove that 24 divides the sum of any 24 consecutive Fibonacci numbers. 
[Hint: Consider the identity 


Un + Ung, +++ + Untk—1 = Up—1 (gg — 1) + Un(Ugs2 — 1).] 


26. Letn > 2 andm =n} — n. Show that u,, is divisible by 30290. 
[Hint: See Problem 1(b) of Section 7.3.] 

27. For n > 1, prove that the sequence of ratios u,4);/u, approaches q@ as a limiting value; 
that is, 


[Hint: Employ the relation u, = = + 6,, where |6;| < 2 for all k > 1.] 
28. Prove the following two assertions: 
(a) If p is a prime of the form 5k + 2, then p|u p41. 
[Hint: Mimic the argument in Theorem 14.5, with up, replacing u,.] 
(b) If p is a prime of the form 5k = 1, then pu p-1. 


CHAPTER 
CONTINUED FRACTIONS 


A mathematician, like a painter or a poet, is a maker of patterns. If his patterns 
are more permanent than theirs, it is because they are made with ideas. 
G. H. HARDY 


15.1 SRINIVASA RAMANUJAN 


From time to time India has produced mathematicians of remarkable power, but 
Srinivasa Ramanujan (1887—1920) is universally considered to have been its greatest 
genius. He was born in the southern Indian town of Erode, near Madras, the son of 
a bookkeeper in a cloth merchant’s shop. He began his single-minded pursuit of 
mathematics when, at the age of 15 or 16, he borrowed a copy of Carr’s Synopsis 
of Pure Mathematics. This unusual book contained the statements of over 6000 
theorems, very few with proofs. Ramanujan undertook the task of establishing, 
without help, all the formulas in the book. In 1903, he won a scholarship to the 
University of Madras, only to lose it a year later for neglecting other subjects in 
favor of mathematics. He dropped out of college in disappointment and wandered the 
countryside for the next several years, impoverished and unemployed. Compelled 
to seek a regular livelihood after marrying, Ramanujan secured (1912) a clerical 
position with the Madras Port Trust Office, a job that left him enough time to continue 
his work in mathematics. After publishing his first paper in 1911, and two more the 
next year, he gradually gained recognition. 

At the urging of influential friends, Ramanujan began a correspondence with the 
leading British pure mathematician of the day, G. H. Hardy. Appended to his letters 
to Hardy were lists of theorems, 120 in all, some definitely proved and others only 
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Srinivasa Ramanujan 
(1887-1920) 


(Trinity College Library, Cambridge) 


conjectured. Examining these with bewilderment, Hardy concluded that “they could 
only be written down by a mathematician of the highest class; they must be true 
because if they were not true, no one would have the imagination to invent them.” 
Hardy immediately invited Ramanujan to come to Cambridge University to develop 
his already great, but untrained, mathematical talent. Up to that time, Ramanujan 
had worked almost totally isolated from modern European mathematics. 

Supported by a special scholarship, Ramanujan arrived in Cambridge in April 
1914. There he had 3 years of uninterrupted activity, doing much of his best work 
in collaboration with Hardy. Hardy wrote to Madras University saying, “He will 
return to India with a scientific standing and reputation such as no Indian has en- 
joyed before.” However, in 1917, Ramanujan became incurably ill. His disease was 
diagnosed at that time as tuberculosis, but it is now thought to have been a severe 
vitamin deficiency. (A strict vegetarian who cooked all of his own food, Ramanujan 
had difficulty maintaining an adequate diet in war-rationed England.) Early in 1919 
when the seas were finally considered safe for travel, he returned to India. In ex- 
treme pain, Ramanujan continued to do mathematics while lying in bed. He died the 
following April, at the age of 32. 

The theory of partitions is one of the outstanding examples of the success of the 
Hardy-Ramanujan collaboration. A partition of a positive integer n is a way of writing 
n aS a Sum of positive integers, the order of the summands being irrelevant. The 
integer 5, for example, may be partitioned in seven ways:5,4+ 1,3+2,3+1+1, 
24+24+1,2+14+1+4+1,14+1+1+1+1. If p(™) denotes the total number of 
partitions of n, then the values of p(n) for the first six positive integers are p(1) = 1, 
p(2) = 2, p(3) = 3, p(4) = 5, pS) = 7 and p(6) = 11. Actual computation shows 
that the partition function p(n) increases very rapidly with n; for instance, p(200) 
has the enormous value 


p(200) = 3972999029388 
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Although no simple formula for p(n) exists, one can look for an approximate 
formula giving its general order of magnitude. In 1918, Hardy and Ramanujan proved 
what is considered one of the masterpieces in number theory: namely, that for large 
n the partition function satisfies the relation 


ecvn 
n) © 
P( inti 


where the constant c = 2(2/3)!/*. For n = 200, the right-hand side of the previous 
relation is approximately 4 - 10!*, which is remarkably close to the actual value of 
p(200). 

Hardy and Ramanujan proved considerably more. They obtained a fairly com- 
plicated infinite series for p(n) that could be used to calculate p(n) exactly, for any 
positive integer n. When n = 200, the initial term of this series produces the ap- 
proximation 3972998993 185.896, agreeing with the first six significant figures of 
p(200); truncated at five terms, the series approximates the exact value with an error 
of 0.004. 

Ramanujan was the first to discover (in 1919) several remarkable congruence 
properties involving the partition function p(n); namely, he proved that 


p(sk +4) =0(mod5) ~— p(7kK +5) =O(mod7) p(k + 6) = 0 (mod 11) 


as well as similar divisibility relations for the moduli 5*, 77, and 117, such as 
p(25k + 24) = 0 (mod 57). These results were embodied in his famous conjec- 
ture: For g = 5,7, or 11, if 24n = 1 (mod q*), then p(n) = 0 (mod g*) for all k > 0. 
From extensive tables of values of p(n), it was later noticed that the conjectured 
congruence relating to powers of 7 is false when k = 3; that is, when n = 243, we 
have 24n = 5832 = 1 (mod 7°), but 


p(243) = 133978259344888 = 245 # 0 (mod 7°) 


Yet Ramanujan’s inspired guesses were illuminating even when incorrect, for it is 
now known that if 24n = 1 (mod 7**~*), then p(n) = 0 (mod 7*) for k > 2. It was 
proved in 1999 that partition congruences can be found not only for 5, 7, and 11, but 
also for all larger primes. 

In 1915, Ramanujan published an elaborate 63-page memoir on highly compos- 
ite numbers. An integern > | is termed highly composite if it has more divisors than 
any preceding integer; in other words, the divisor function T satisfies t(m) < T(n) 
for all m <n. The first 10 highly composite numbers are 2, 4, 6, 12, 24, 36, 48, 60, 
120, and 180. Ramanujan obtained some surprisingly accurate information concern- 
ing their structure. It was known that highly composite numbers could be expressed 
as 


n = 235%... pk where kj > ko > k3 >--->k, 


What Ramanujan showed was that the beginning exponents form a strictly decreasing 
sequence k, > ky > k3 > ---, but that later groups of equal exponents occur; and 
that the final exponent k, = 1, except when n = 4 or n = 36, in which case k, = 2. 
As an example, 


6746328388800 = 2°. 34. 57-77-11. 13-17-19 - 23 


306 ELEMENTARY NUMBER THEORY 


As a final example of Ramanujan’s creativity, we mention his unparalleled abil- 
ity to come up with infinite series representations for 2. Computer scientists have 
exploited his series 
1 V8 Sy (4n)! [1103 + 263907] 


x 9801 & (n!)4 396% 


to calculate the value of z to millions of decimal digits; each successive term in the 
series adds roughly eight more correct digits. Ramanujan discovered 14 other series 
for 1/z, but he gave almost no explanation as to their origin. The most remarkable 


of these is 
ao ->(’ ~912n+4— 


This series has the property that it can be used to compute the second block of k 
(binary) digits in the decimal expansion of z without calculating the first & digits. 


15.2 FINITE CONTINUED FRACTIONS 


In that part of the Liber Abaci dealing with the resolution of fractions into unit 
fractions, Fibonacci introduced a kind of “continued fraction.” For example, he 


employed the symbol aK : as an abbreviation for 
i+; 
ee = oe 
3 a Be Sead 


The modern practice is, however, to write continued fractions in a descending fashion, 
as with 


1+ 


B45 
A multiple-decked expression of this type is said to be a finite simple continued 
fraction. To put the matter formally, we give Definition 15.1. 


Definition 15.1. By a finite continued fraction is meant a fraction of the form 
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where ao, @1, ..., Gn are real numbers, all of which except possibly ao are positive. The 
numbers a), a2, ..., Gy, are the partial denominators of this fraction. Such a fraction is 
called simple if all of the a; are integers. 


Although giving due credit to Fibonacci, most authorities agree that the theory 
of continued fractions begins with Rafael Bombelli, the last of the great algebraists 
of Renaissance Italy. In his L’Algebra Opera (1572), Bombelli attempted to find 
Square roots by means of infinite continued fractions—a method both ingenious and 
novel. He essentially proved that \/13 could be expressed as the continued fraction 


4 
OS a 


6+ —- 


It may be interesting to mention that Bombelli was the first to popularize the work of 
Diophantus in the Latin West. He set out initially to translate the Vatican Library’s 
copy of Diophantus’s Arithmetica (probably the same manuscript uncovered by 
Regiomontanus), but, carried away by other labors, never finished the project. In- 
stead, he took all the problems of the first four Books and embodied them in his 
Algebra, interspersing them with his own problems. Although Bombelli did not dis- 
tinguish between the problems, he nonetheless acknowledged that he had borrowed 
freely from the Arithmetica. 

Evidently, the value of any finite simple continued fraction will always be a 
rational number. For instance, the continued fraction 


J 
3+ 1 
4+ i 
1+ 
445 
can be condensed to the value 170/53: 
] J 
A i 
so eae: (ae ae 5 
coe "9 
4+5 
J 
= 34 5 
va at 
eee 
7 53 
170 
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Theorem 15.1. Any rational number can be written as a finite simple continued frac- 
tion. 


Proof. Let a/b, where b > 0, be an arbitrary rational number. Euclid’s algorithm for 
finding the greatest common divisor of a and b gives us the equations 


a=bajt+r O<r, <b 
b=rja;+nr O<rn <r 
ry = roan +143 0<7r3<>1r2 


Vn—-2 =Tn-14n-1 TT n O<Tp <Tn-1 


I'n—1 = 'nAn +0 


Notice that because each remainder r; is a positive integer, a,, @2,..., @, are all posi- 
tive. Rewrite the equations of the algorithm in the following manner: 


a ae 2 
b b b 
r| 
b r2 ] 
-— Sq, t-7- HFagre 
ry r| os 
r2 
r\ 3 ] 
Sea 2 Sar 
r2 r2 a 
r3 

cae 

— Un 

rn 


If we use the second of these equations to eliminate b/r, from the first equation, 
then 


] 
= 505° = oor 
A a+ - 


In this result, substitute the value of r; /r2 as given in the third equation: 


: + 

— =a9 —_—_.- 
I 

; ra i 
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Continuing in this way, we can go on to get 


a ] 
ae i eeeanaas iia 


thereby finishing the proof. 


To illustrate the procedure involved in the proof of Theorem 15.1, let us represent 
19/51 as a continued fraction. An application of Euclid’s algorithm to the integers 


19 and 51 gives the equations 


51 =2-19+4 13 or 1/19: 2 13/19 


19=1-13+4+6 or 19/13 = 14+ 6/13 
13=2-64+1 or 13/6 =2+1/6 
6=6-1+0 or 6/6= 1 


Making the appropriate substitutions, it is seen that 


19 1 1 
et ol 13 
51 6 et 


1+—— 
2+ 


which is the continued fraction expansion for 19/51. 
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Because continued fractions are unwieldy to print or write, we adopt the conven- 
tion of denoting a continued fraction by a symbol that displays its partial quotients, 
say, by the symbol [ao; a1, ... , d,]. In this notation, the expansion for 19/51 is indi- 
cated by 


[0; 2, 1, 2, 6] 
and for 172/51 = 3+ 19/51 by 
[3; 2, 1, 2, 6] 


The initial integer in the symbol [ao; a), ... , @,] will be zero when the value of the 
fraction is positive but less than one. 

The representation of a rational number as a finite simple continued fraction is 
not unique; once the representation has been obtained, we can always modify the 
last term. For, if a, > 1, then 


a = (@q — 1) 41 = (@ -1) +5 
where a, — 1 is a positive integer; hence, 
[a93 41, ..-., Gn] = [ao3a1,...,4, — 1, 1] 
On the other hand, if a, = 1, then 


1 
os i os Cael a 


n 


so that 
Lao; ai, ee 89 aAn-1, An] —= [a0; a1, ses 9 aAn-2, aAn-| a5 1] 


Every rational number has two representations as a simple continued fraction, one 
with an even number of partial denominators and one with an odd number (it turns 
out that these are the only two representations). In the case of 19/51, 


19/51 = [0; 2, 1, 2, 6] = [0;2, 1, 2,5, 1] 


Example 15.1. We go back to the Fibonacci sequence and consider the quotient of 
two successive Fibonacci numbers (that is, the rational number u,4)/u,) written as 
a simple continued fraction. As pointed out earlier, the Euclidean Algorithm for the 
greatest common divisor of u, and u,+; produces the n — 1 equations 

Un+1 = ]: Un + Un—1 


Un = 1+ Un—1 +Un_2 


U4 =1-u3+ U2 

u3 = 2-u2+0 
Because the quotients generated by the algorithm become the partial denominators of 
the continued fraction, we may write 


ieee 9 cs Pe, RO, 


Un 
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But uy+1/Uun 1s also represented by a continued fraction having one more partial de- 


nominator than does [1;1,1,..., 1, 2]; namely, 
u 
ln a ae ee Be 


Un 
where the integer 1 appears n times. Thus, the fraction u,4) /u, has acontinued fraction 


expansion that is very easy to describe: There are n — 1 partial denominators all equal 


to 1. 
As a final item on this part of our program, we would like to indicate how the 


theory of continued fractions can be applied to the solution of linear Diophantine 
equations. This requires knowing a few pertinent facts about the “convergents” of a 


continued fraction, so let us begin proving them here. 
., Ay] by cutting off the 


Definition 15.2. The continued fraction made from [dap; a), 
expansion after the kth partial denominator a; is called the kth convergent of the given 


continued fraction and denoted by C;; in symbols, 
Cy = [03 a1, ..., ax] l<k<n 


We let the zeroth convergent Cop be equal to the number dp. 
A point worth calling attention to is that for k < n if a, is replaced by the value 
ay + 1/ax41, then the convergent C;, becomes the convergent Cx41; 


a a1, eee 9 Ak—15 Ak + —| 
Ak+1 
== [403 Q5.0045 Geis Gp, Geant = Crag 


It hardly needs remarking that the last convergent C,, always equals the rational 


number represented by the original continued fraction. 
Going back to our example 19/51 = [0; 2, 1, 2, 6], the successive convergents 


are 
Cy = 0 
] 1 
C; =[0;2}=0+-=- 
1 = [0; 2] aa ; 
Co =: (032, 1}-=0— = 
= 9—) — 2+1 3 
1 3 
C3 = [0;2, 1,2] =0+ ==> 
2+ 
1+5 


Ca = (022..1,2;6) 19/51 
Except for the last convergent C4, these are alternately less than or greater than 


19/51, each convergent being closer in value to 19/51 than the previous one. 
Much of the labor in calculating the convergents of a finite continued fraction 
., a,] can be avoided by establishing formulas for their numerators and 


[ao; a@1,.. 
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denominators. To this end, let us define numbers p;, and gq, (k =0,1,.. 


follows: 


Po = A qo = 1 
Pi =aano+1 qi =a 
Pk = 4k Pe-1 + Pr—2 dk = AkGk—-1 + Wk-2 


fOr k= 2, 3ehsag 


A direct computation shows that the first few convergents of [ao; a), ... 


are 
a 
ee ee 
lq 
1 1 
Cope = 
ay ay q\ 
1 an(ajdg + l) +a 
Cy = ay + — = MAM eae 
Sitee 2a) q2 
a2 


.,n) as 


) An | 


Success hinges on being able to show that this relationship continues to hold. This 


is the content of Theorem 15.2. 


Theorem 15.2. The kth convergent of the simple continued fraction [ag; a1, ..., dy] 


has the value 


C= O<k<n 


Proof. The previous remarks indicate that the theorem is true for k = 0, 1, 2. Let us 


assume that it is true fork = m, where 2 < m < n; that is, for this m, 


C — Pm _ InPm-1 + Pm-2 
7 dm AmQm—1 + Im—2 


(1) 


Note that the integers DPm—1, Gm—1, Pm—2> dm—2 Aepend on the first m — 1 partial de- 
nominators aj, a2, ..., Gn—, and, hence, are independent of a,,. Thus, Eq. (1) remains 


valid if a,, is replaced by the value a,, + 1/dam4: 


aa; yma dn + 
Am+1 
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As has been explained earlier, the effect of this substitution is to change C,, into the 
convergent C41, So that 


1 
(«, ar ) Pm-1 = Pm-—2 
Am+1 


1 
(«, ae ) dm—1 ar dm—2 
Am+1 


_ Am+1(am Pm-1 =f Pm-2) Fe Pm-1 
Am+1(AmYm-1 ar Gm-2) : dm—1 
Am+1 Pm ah: Pm-1 


Am+19m a dm—1 


Cin-+1 = 


However, this is precisely the form that the theorem should take in the case in which 
k =m +1. Therefore, by induction, the stated result holds. 


Let us see how this works in a specific instance, say, 19/51 = [0; 2, 1, 2, 6]: 


Po = 0 and gg=1 


piHO 2-11 
p2=1-14+0=1 
pe 21a S38 
pa=6-3+1=19 


qi =2 

Pee pee en 
Beas 
Rn | 


This says that the convergents of [0; 2, 1, 2, 6] are 


l l 

q0 q 2 qa 3 
3 19 
Gee Le 6 amas 
qg 8 qa Si 


as we know that they should be. 
The integers p,; and g;, were defined recursively for 0 < k <n. We might have 
chosen to put 


Pp-2= 0, p-1 = ] and q2 = 15:94 = 


One advantage of this agreement is that the relations 


Pk = Ak Pr-1 + Pr-2 and Gk = Akda—-1 + Gk-2 k=0,1,2,...,n 

would allow the successive convergents of a continued fraction [da,; a1, ...,€d,] to 
be calculated readily. There is no longer a need to treat po/qo and p;/q, separately, 
because they are obtained directly from the first two values of k. Itis often convenient 


to arrange the required calculations in tabular form. To illustrate with the continued 
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fraction [2; 3, 1, 4, 2], the work would be set forth in the table 


k 2 -1 0 1 2 3 4 
ar x Ss 4 4 2 
pr —O 1 2 7. 9 43 95 
| } 3 2 19 42 
Cr 2/1 7/3 9/4 43/19 95/42 


Notice that [2; 3, 1, 4, 2] = 95/42. 
We continue our development of the properties of convergents by proving 
Theorem 15.3. 


Theorem 15.3. If Cy, = px/q, is the kth convergent of the finite simple continued 
fraction [do; a), ...,d,], then 


PeQk—1 — Ge Pk—1 = (—1)*! I<k<n 
Proof. Induction on k works quite simply, with the relation 
Pigo — 41 Po = (aiao + 1)- 1 — ay - a9 = 1 =(-1)"" 


disposing of the case k = 1. We assume that the formula in question is also true for 
= m, where 1 < m <n. Then 


Pm+idm — Im+i1Pm = (Am+1Pm + Pm—1)Gm 
— (Am+19m + Ym—1)Pm 
= —(Pm4m-1 — Im Pm-1) 

= —(-1)""' = (-1)” 


and so the formula holds for m + 1, whenever it holds for m. It follows by induction 
that it is valid for all k with 1 < k <n. 


A notable consequence of this result is that the numerator and denominator of 
any convergent are relatively prime, so that the convergents are always given in 
lowest terms. 


Corollary. For 1 < k <n, p, and gx are relatively prime. 


Proof. If d = gcd(px, qx), then from the theorem, d | (—1)*~!; because d > 0, this 
forces us to conclude that d = 1. 


Example 15.2. Consider the continued fraction [0; 1, 1, ..., 1] in which all the partial 
denominators are equal to 1. Here, the first few convergents are 


Co = 0/1 Cy = 1/1 Cy = 1/2 Cx = 2773 Ca 3/9724 
Because the numerator of the kth convergent C; is 
Pe = 1+ pr-1 + Pr-2 = Pe-1 + Pr-2 
and the denominator is 


Qk = 1+ qe-1 + Gk-2 = Gk—-1 + Uk-2 
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it is apparent that 
Uk 


C= k>2 
Uk+] 
where the symbol u, denotes the kth Fibonacci number. In the present context, the 
identity pegxu—1 — Gk Pe-1 = (—1)*~! of Theorem 15.3 assumes the form 
Ue — Un pUe1 = (-1)! 


This is precisely Eq. (3) on page 292. 


Let us now turn to the linear Diophantine equation 
ax +by=c 
where a, b, c are given integers. Because no solution of this equation exists ifd { c, 
where d = gcd(a, b), there is no harm in assuming that d | c. In fact, we need only 
concern ourselves with the situation in which the coefficients are relatively prime. 
For if gcd(a , b) = d > 1, then the equation may be divided by d to produce 
a a b @ 
—X em — 
d ‘dd 
Both equations have the same solutions and, in the latter case, we know that 
gcd(a/d, b/d) = 1. 
Observe, too, that a solution of the equation 
ax +by=c gecd(a,b)= 1 
may be obtained by first solving the Diophantine equation 
ax +by=1 gcd(a,b) = 1 
Indeed, if integers x9 and yo can be found for which axo + byo = 1, then multipli- 
cation of both sides by c gives 
a(cxo) + b(cyo) = ¢ 


Hence, x = cxo and y = cyg 1s the desired solution of ax + by = c. 
To secure a pair of integers x and y satisfying the equation ax + by = 1, expand 
the rational number a/b as a simple continued fraction; say, 


a 
ae [a0; 1, .--, An] 
Now the last two convergents of this continued fraction are 
—| a 
CS and GaP = 
dn-1 Qn b 


Because gcd( py, , dn) = 1 = gcd(a, b), it may be concluded that 
Pnon=a and G= Db 

By virtue of Theorem 15.3, we have 
Pn4n—1 — AnPn—\ = (-1)"™ 

or, with a change of notation, 


Agn—| — bpy-1 = (—1)""! 
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Thus, with x = g,_,; and y = — p,_1, we have 
ax + by =(—1)""! 


If n is odd, then the equation ax + by = 1 has the particular solution x9 = gy_1, 
Yo = —Pn—1; whereas if n is an even integer, then a solution is given by x9 = —qpn-1, 
Yo = Pn—1- Our earlier theory tells us that the general solution is 


x=xo+)t y= yo —at P= 0-612. 3: 


Example 15.3. Let us solve the linear Diophantine equation 
172x + 20y = 1000 


by means of simple continued fractions. Because gcd(172 , 20) = 4, this equation may 
be replaced by the equation 


43x +5y = 250 
The first step is to find a particular solution to 
43x+5y=1 


To accomplish this, we begin by writing 43/5 (or if one prefers, 5/43) as a simple 
continued fraction. The sequence of equalities obtained by applying the Euclidean 
Algorithm to the numbers 43 and 5 is 


43 =8-5+3 

2 — soc ee ae, 

3=1-2+1 

2S 2%) 

so that 
| 
43/5 = [8;1, 1,2] =8+ i 
1+ ; 

ie 


The convergents of this continued fraction are 
Co = 8/1 C; =9/1 CS 17/2 C3 = 43/5 


from which it follows that po = 17, q2 = 2, p3 = 43, and q3 = 5. Falling back on 
Theorem 15.3 again, 


P3q2 — 93p2 = (-1)""! 
or in equivalent terms, 
43-2—5-17=1 
When this relation is multiplied by 250, we obtain 
43 - 500 + 5(—4250) = 250 
Thus, a particular solution of the Diophantine equation 43x + 5y = 250 is 
Xo = 500 yo = —4250 
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The general solution is given by the equations 


x = 500+ 35t y = —4250 — 431 es @ aa oll es 


Before proving a theorem concerning the behavior of the odd- and even- 
numbered convergents of a simple continued fraction, a preliminary lemma is re- 
quired. 


Lemma. If g, is the denominator of the kth convergent C; of the simple continued 
fraction [adg;@,,...,@,], then gx—1 < qx for 1 < k <n, with strict inequality when 
k> 1. 


Proof. We establish the lemma by induction. In the first place, gg = 1 < a, = q1, So 
that the asserted equality holds when k = 1. Assume, then, that it is true for k = m, 
where 1 < m <n. Then 


Am+1 = 4m+14m a Qm-1 > Am+19m 2 | - dm = dm 


so that the inequality is also true fork =m-+1. 
With this information available, it is an easy matter to prove Theorem 15.4. 


Theorem 15.4. (a) The convergents with even subscripts form a strictly increasing 
sequence; that is, 


Co < Cr < C4 <-:- 
(b) The convergents with odd subscripts form a strictly decreasing sequence; that is, 
Ci > C3 >C5 >-::- 
(c) Every convergent with an odd subscript is greater than every convergent with an 
even subscript. 
Proof. With the aid of Theorem 15.3, we find that 
Crsa — Cy = (Cyr — Cri) + (Cini — Cx) 
_ (22 2 Pict) rn Ge 7 2) 
Gk+2 dk+1 Qk+1 qk 
=| k+1 —] k 
aoe Gs 
Qk+29k+1 Qk+19k 
— (1 Ger2 — 4) 


Vk Vk+19k+2 


Recalling that g; > O for all i > O and that gx42 — qx > O by the lemma, it is evident 
that Cy42 — Cy has the same algebraic sign as does (—1)*. Thus, if k is an even integer, 
say k = 2], then Co;42 > Crj;; whence 


Co < Cr < C4 <--- 
Similarly, if k is an odd integer, say kK = 27 — 1, then Cyj41 < C2;-1; whence 


Ci, > C3 >C5>-:-:- 
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It remains only to show that any odd-numbered convergent C2,_; is greater than any 
even-numbered convergent C2,. Because pegx—1 — Gk Pe—1 = (—1)*“', upon dividing 
both sides of the equation by gxgx—1, we obtain 

Pe Pras (DY 

Cp = C4 = 

qk qk—1 Gkqk—-1 
This means that C2; < C2;~1. The effect of tying the various inequalities together is 
that 


95° Cigiap = Coop = Ci a4 


as desired. 


To take an actual example, consider the continued fraction [2; 3, 2, 5, 2, 4, 2]. 


A little calculation gives the convergents 


Co=2/1 Cy=7/3  Co=16/7 C3 =87/38 
C,= 190/83 Cs =847/370 Ce. = 1884/823 


According to Theorem 15.4, these convergents satisfy the chain of inequalities 


2 < 16/7 < 190/83 < 1884/823 < 847/370 < 87/38 < 7/3 


This is readily visible when the numbers are expressed in decimal notation: 


2 < 2.28571--- < 2.28915--- < 2.28918--- < 2.28947... < 2.33333.--- 


PROBLEMS 15.2 


1F 


Express each of the rational numbers below as finite simple continued fractions: 
(a) —19/51. 

(b) 187/57. 

(c) 71/55. 

(d) 118/303. 


. Determine the rational numbers represented by the following simple continued fractions: 


(a) [—2; 2, 4, 6, 8]. 
(b) [4; 2, 1, 3, 1, 2, 4]. 
(c) [0; 1, 2, 3, 4, 3, 2, 1]. 


. Ifr = [ao; a), a2, ..., A,], where r > 1, show that 
= [0; ao, Q,.-- , An | 
r 
. Represent the following simple continued fractions in an equivalent form, but with an 


odd number of partial denominators: 
(a) [0;3, 1, 2, 3). 

(b) [—1;2, 1, 6, 1]. 

(c) [2335.1 251,11]; 


. Compute the convergents of the following simple continued fractions: 


(a) [1; 2, 3, 3, 2, 1]. 
10) il Caer 0) Ors Oras ow be B 
(c) [0;2, 4, 1, 8, 2]. 


11. 


12. 
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. (a) If Cy = px/qx denotes the kth convergent of the finite simple continued fraction 


[1;2,3,4,...,n,n-+ 1], show that 
Pn = NPn—1 + Npn—-2 + (n — 1)pn-3 + +++ +3p1 +2po + (po + 1) 


[Hint: Add the relations pp=1, p) =3, pe =(kK4+1)pe_-1 + pe-2 for k = 
22 bang hel 
(b) Illustrate part (a) by calculating the numerator p, for the fraction [1; 2, 3, 4, 5]. 


. Evaluate pz, gx, and C;,(k = 0, 1, ..., 8) for the simple continued fractions below; notice 


that the convergents provide an approximation to the irrational numbers in parentheses: 
(a) [15 2,2,2,2,.2, 2,2, 21:G/2): 


(b) [1: 1,2, 1,2, 1,2, 1, 2] (V3). 

(c) [2;4, 4, 4, 4, 4, 4, 4, 4] (5). 

(d) [2;2,4, 2,4, 2, 4, 2, 4] (6). 

(e) [2;1, 1, 1,4, 1, 1, 1,4] (7). 
. If Cy = pxr/qx is the kth convergent of the simple continued fraction [dp; a1, ..., Gn], 


establish that 
Qe Ne Deepen 


[Hint: Observe that gx = axqx—1 + Ge—2 = 2Gx-2.] 


. Find the simple continued fraction representation of 3.1416, and that of 3.14159. 
. If Ce = pr/gx is the kth convergent of the simple continued fraction [d; a1, ..., a, ] and 
ay > O, show that 
te [a3 Ak-1,---, 1, ao] 
Pk-1 
and 
a [a3 Qx-1,---, 42, ay] 
qk-1 
[Hint: In the first case, notice that 
Pro | Pk-2 
Pk-1 7 Pk-1 
1 
= ay + Pea’ ] 
Pk-2 


By means of continued fractions determine the general solutions of each of the following 
Diophantine equations: 

(a) 19x +5ly=1. 

(b) 364x + 227y = 1. 

(c) 18x + 5y = 24. 

(d) 158x —57y = 1. 

Verify Theorem 15.4 for the simple continued fraction [1; 1, 1, 1, 1, 1, 1, 1]. 


15.3. INFINITE CONTINUED FRACTIONS 


Up to this point, only finite continued fractions have been considered; and these, 
when simple, represent rational numbers. One of the main uses of the theory of 
continued fractions is finding approximate values of irrational numbers. For this, the 
notion of an infinite continued fraction is necessary. 
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An infinite continued fraction is an expression of the form 


by 
ie = 
2 
ay + 5 
3 
3) aa 
a3 -{- oe 
where do, @, d2,... and b,, bo, b3,... are real numbers. An early example of a 


fraction of this type is found in the work of William Brouncker who converted (in 
1655) Wallis’s famous infinite product 


4 3-3-5.5-7-7--- 
tw Osh 466s Ques 
into the identity 
Cua I? 
ct 3° 
2+ a3 
2+ 7 
2 
Peas 


Both Wallis’s and Brouncker’s discoveries aroused considerable interest, but their 
direct use in calculating approximations to z is impractical. 

In evaluating infinite continued fractions and in expanding functions in con- 
tinued fractions, Srinivasa Ramanujan has no rival in the history of mathematics. 
He contributed many problems on continued fractions to the Journal of the Indian 
Mathematical Society, and his notebooks contain about 200 results on such fractions. 
G. H. Hardy, commenting on Ramanujan’s work, said “On this side [of mathematics] 
most certainly I have never met his equal, and I can only compare him with Euler 
or Jacobi.” Perhaps the most celebrated of Ramanujan’s fraction expansions is his 
assertion that 


ons{ [StvV5  14+V5 1 
e —_—_——__— — Se ee 
2 pi ent 
es 


[ae 


ee 


Part of its fame rests on its inclusion by Ramanujan in his first letter to Hardy in 
1913. Hardy found the identity startling and was unable to derive it, confessing later 
that a proof “completely defeated” him. Although most of Ramanujan’s marvelous 
formulas have now been proved, it is still not known what passage he took to discover 
them. 
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In this section, our discussion will be restricted to infinite simple continued 
fractions. These have the form 


ag + 


i 
eo 

where do, @1, 2, ... 1S an infinite sequence of integers, all positive except possibly 

for do. We shall use the compact notation [dg; a, a2, .. .] to denote such a fraction. 

To attach a mathematical meaning to this expression, observe that each of the finite 

continued fractions 


Cr = [d0; a1, A2,..-, An] n=O 


is defined. It seems reasonable therefore to define the value of the infinite continued 
fraction [dg; a 1, a2,...] to be the limit of the sequence of rational numbers C,, 
provided, of course, that this limit exists. In something of an abuse of notation, we 
shall use [a9; a1, a2, .. .] to indicate not only the infinite continued fraction, but also 
its value. 

The question of the existence of the just-mentioned limit is easily settled. For, 
under our hypothesis, the limit not only exists but is always an irrational number. 
To see this, observe that formulas previously obtained for finite continued fractions 
remain valid for infinite continued fractions, because the derivation of these relations 
did not depend on the finiteness of the fraction. When the upper limits on the indices 
are removed, Theorem 15.4 tells us that the convergents C,, of [do; a1, a2, . . .] satisfy 
the infinite chain of inequalities: 


Co < Co < Cy < +--+ < Coy < +++ < Conny < +++ < C5 < C3 < C) 


Because the even-numbered convergents C2, form a monotonically increasing se- 
quence, bounded above by C}, they will converge to a limit q@ that is greater than 
each C>,. Similarly, the monotonically decreasing sequence of odd-numbered con- 
vergents C,4; 1s bounded below by Co and so has a limit a’ that is less than 
each C>,4,. Let us show that these limits are equal. On the basis of the relation 


P2n+192n — G2n+1P2n = (—1)7” we see that 


/ P2n+1 P2n ft 
a —a < Cons, — Con = — — 


q2n+1 q2n G2nQ2n+1 


whence, 


jie -e)4—— 

42n42n+1 9 n 
Because the g; increase without bound asi becomes large, the right-hand side of this 
inequality can be made arbitrarily small. If a’ and a were not the same, then a con- 
tradiction would result (that is, 1/ q,, could be made less than the value | vw’ — @ |). 
Thus, the two sequences of odd- and even-numbered convergents have the same 
limiting value a, which means that the sequence of convergents C,, has the limit a. 
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Definition 15.3. If ao, a,, a2, .. . is an infinite sequence of integers, all positive except 
possibly ao, then the infinite simple continued fraction [ao; a, a2, .. .] has the value 


lim [a9; 41, d2,..-, An] 
n—->Co 


It should be emphasized again that the adjective “simple” indicates that the 
partial denominators a, are all integers; because the only infinite continued fractions 
to be considered are simple, we shall often omit the term in what follows and call 
them infinite continued fractions. 

Perhaps the most elementary example is afforded by the infinite continued frac- 
tion [1;1, 1, 1,...]. The argument of Example 15.1 showed that the nth convergent 


C, = [1;1,1,..., 1], where the integer 1 appears n times, is equal to 
C= aa n>0O 
Uy 


a quotient of successive Fibonacci numbers. If x denotes the value of the continued 
fraction [1;1,1,1,...], then 


; : Un+1 Un F Un-| 
x= lim C, = lm = lim 
n—->Co nO Uy n—->Oo Uy 
1 
= lim 1+ 7 —e ee | ae 
n—->co n ; n 
lim 
Un—| n> Un—|] 


2 


This gives rise to the quadratic equation x“ — x — 1 = 0, whose only positive root 


is x = (1+ 5)/2. Hence, 


14/5 
2 
There is one situation that occurs often enough to merit special terminology. If 
an infinite continued fraction, such as [3; 1, 2, 1, 6, 1, 2, 1, 6,...], contains a block 
of partial denominators b;, b2,..., b, that repeats indefinitely, the fraction is called 
periodic. The custom is to write a periodic continued fraction 


== eae ad Be eee 


[do;@1,.-.-,Qm,01,..-.,0n,b1,...,bn,...] 


more compactly as 


[a03 a1, SalessCl sO Ls ee 
where the overbar indicates that this block of integers repeats over and over. If 
b,,b2,..., by, is the smallest block of integers that constantly repeats, we say that 
b,, bo, ..., by, 18 the period of the expansion and that the length of the period is n. 


Thus, for example, [3;1, 2, 1,6] would denote [3;1, 2, 1,6, 1, 2, 1,6,...], a con- 
tinued fraction whose period 1, 2, 1, 6 has length 4. 

We saw earlier that every finite continued fraction is represented by a rational 
number. Let us now consider the value of an infinite continued fraction. 
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Theorem 15.5. The value of any infinite continued fraction is an irrational number. 


Proof. Let us suppose that x denotes the value of the infinite continued fraction 


[ao; a1, 2, ...]; that is, x is the limit of the sequence of convergents 
Pn 
Cr = [@0; 41, 42,...,@,] = — 
n 


Because x lies strictly between the successive convergents C,, and C;,41, we have 


Pn+l1 _ Pn | 
Qn+1 Gn Qn4n+1 


With the view to obtaining a contradiction, assume that x is a rational number; say, 
x = a/b, where a and b > 0 are integers. Then 


O<|x—-—C,| < (Cai -Gal= 


cag is) : 
b Gn Gn Qn+1 


and so, upon multiplication by the positive number bq,, 


0< 


0< | adn — bpy | < 
Gn+1 


We recall that the values of g; increase without bound as 7 increases. If n is chosen so 
large that b < gy+1, the result is 
O< | qn — bpn | <I 


This says that there is a positive integer, namely | ag, — bp, |, between 0 and 1—an 
obvious impossibility. 


We now ask whether two different infinite continued fractions can represent the 
same irrational number. Before giving the pertinent result, let us observe that the 
properties of limits allow us to write an infinite continued fraction [ao; a1, a2, ...] as 


[ao; a1, d2,...] = lim [ao3 a1, ..., ay] 
n—->Cco 
1 
= lim [| ad + ——_——_ 
n> 00 [a13a2,..., ay] 
be 1 
= ag — SS 
lim [a)3d2,..., an] 
n->co 
1 
= ao + 


[a13; a2, 43,...] 


Our theorem is stated as follows. 


Theorem 15.6. If the infinite continued fractions [ap; a), az, ...] and [bo; bj, bo, .. .] 
are equal, then a,, = b, for all n > 0. 


Proof. If x = [ao; a1, a2,...], then Co < x < Cj, which is the same as saying that 
ag < XxX <a) + 1/a,. Knowing that the integer a, > 1, this produces the inequality 
ag < xX < ad) + 1. Hence, [x] = do, where [x] is the traditional notation for the greatest 
integer or “bracket” function (page 117). 
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Now assume that [ao; a1, d2,...] = x = [bo; bj, bo, ...] or, to put it in a different 
form, 
+ bo + 
ag OX EH 1 FO 
[a1;a2,...] [b1; b2,...] 
By virtue of the conclusion of the first paragraph, we have ag = [x] = bo, from which it 
may then be deduced that [a; az, .. .] = [b); b2, .. .]. When the reasoning is repeated, 
we next conclude that a, = b, and that [a2; a3, ...] = [b2; b3, ...]. The process con- 
tinues by mathematical induction, thereby giving a, = b, for all n > 0. 


Corollary. Two distinct infinite continued fractions represent two distinct irrational 
numbers. 


Example 15.4. To determine the unique irrational number represented by the infinite 


continued fraction x = [3; 6, 1, 4], let us write x = [3; 6, y], where 
y = [134] = 0154, yl 
Then 
1 Sy + 1 
CN ap a i an 
4+- z 
y 


which leads to the quadratic equation 


4y* —4y-1=0 


Inasmuch as y > 0 and this equation has only one positive root, we may infer that 


[BA 
Lp 
From x = [3; 6, y], we then find that 
or | _ 25+ 19./2 
ree 8 + 6/2 
1a? 
2 
_ (25 + 19V2)(8 — 6V2) 
(8 + 62)(8 — 6V2) 
14—/2 
ae ae 
that is, 
(3:6, 1,4] = = 


Our last theorem shows that every infinite continued fraction represents a unique 


irrational number. Turning matters around, we next establish that an arbitrary irra- 
tional number x9 can be expanded into an infinite continued fraction [do; a1, a2, .. .] 
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that converges to the value xo. The sequence of integers do, a1, a2, ... 1S defined as 
follows: Using the bracket function, we first let 
1 1 1 
X1 — X2 = X3 —. ee 
xo — [xo] x1 — [x1] x2 — [x2] 


and then take 
ao = [xo] a, = [x1] az = [x2] a3 = [x3]-:: 


In general, the a, are given inductively by 


1 
ay = [xx] SS k>0 
Xk — Ak 
It is evident that x, 1s irrational whenever x, is irrational; and because we are 
confining ourselves to the case in which Xo is an irrational number, all x, are irrational 


by induction. Thus, 
O < x, — ay = XK — [xe] < 1 


and we see that 


1 
xii =——— > 1 
Xk — Ak 
so that the integer ay4, = [x,41] = 1 for all k > O. This process therefore leads to 
an infinite sequence of integers dg, a), a2, ..., all positive except perhaps for apo. 
Employing our inductive definition in the form 


ke == 6p — k>0 
Xk+1 


through successive substitutions, we obtain 


1 
xo = ag + — 
x| 


i ay 
a 
x2 

1 
= 49 + —— {7 
ay + ——- 
ar + — 
x3 


= [ao; aj, a2, e889 Ais Mya 


for every positive integer n. This makes one suspect—and it is our task to show—that 
Xo is the value of the infinite continued fraction [do; a), dz, ...]. 

For any fixed integer n, the first n + 1 convergents C, = px/qx, wWhereO <k < 
n, Of [ao; a1, Az, ...] are the same as the first n + 1 convergents of the finite continued 
fraction [do; 1, d2,..., An, Xn+1]. If we denote the (n + 2)th convergent of the latter 


326 ELEMENTARY NUMBER THEORY 


by C,,,,, then the argument used in the proof of Theorem 15.2 to obtain C,,., from 


C, by replacing a, by a, + 1/a,+.; works equally well in the present setting; this 
enables us to obtain C’, ,, from C,41 by replacing an+1 by Xn41: 


/ ; 
Xo = C4 = Lao; a{,a2,..-.,4n, Xn+1] 


— Xn41Pn + Pn-1 
Xn+19n + Gn-1 


Because of this, 


Xn4+1Pn + Pn-1 7 Pn 


Xo — Cc; = 
Xn+19n Ir Gn-1 dn 
= (—1)(Pngn-1 — GnPn-1) _ (—1)” 
(Xn419n a Gn—1)4n (Xn419n Si Gn—1)4n 


where the last equality relies on Theorem 15.3. Now x,41 > @n+41, and therefore 


1 1 1 
a a a re 
(Xn419n = Gn—1)4n (An4+19n =r GQn—1)4n Gn4+19n 


|xo —C, | = 
Because the integers qg, are increasing, the implication is that 
xo = lim C, = [03 41, a, ...] 
n-> CO 
Let us sum up our conclusions in Theorem 15.7. 


Theorem 15.7. Every irrational number has a unique representation as an infinite con- 
tinued fraction, the representation being obtained from the continued fraction algorithm 
described. 


Incidentally, our argument reveals a fact worth recording separately. 


Corollary. If p,/q, 1s the nth convergent to the irrational number x, then 
1 1 
S22 
Gn+19n Gn 


Pn 
X a a ee 
dn 


We give two examples to illustrate the use of the continued fraction algorithm 
in finding the representation of a given irrational number as an infinite continued 
fraction. 


Example 15.5. For our first example, consider x = /23 ~ 4.8. The successive irra- 
tional numbers x; (and therefore the integers a, = [x;,]) can be computed rather easily, 
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with the calculations exhibited below: 
= 723 = 44+ (v23 —- 4) ap =4 
1 1 _ v23 +4 /23 —3 


= = = 1+ —_——— a, = 1 


xo — [xo] /23—4 4. #7. 7 
1 7  — V23+43 G33 


MS Se = 3+ ———— a, = 3 


=. «2-3. 2 
1 2 _ ¥23+3 23-4 


43 = ——_ = = 


— [x2] — 7 é| 


1 

x= = V723+4=84(vV23 —- 4) a4=—8 
oe [x3] J/ Poca 

Because x5 = x1, also x6 = x2, X7 = X3, Xg = X4; then we get x9 = x5 = x), and so 

on, which means that the block of integers 1, 3, 1, 8 repeats indefinitely. We find that 

the continued fraction expansion of J 23 is periodic with the form 


23 = 45 1; 35-18) 13 33 18h 
= (4; 1, 3, 1, 8] 


Example 15.6. To furnish a second illustration, let us obtain several of the convergents 
of the continued fraction of the number 


mw = 3.141592653 - - - 


defined by the ancient Greeks as the ratio of the circumference of a circle to its diameter. 
The letter 2, from the Greek word perimetros, was never employed in antiquity for this 
ratio; it was Euler’s adoption of the symbol in his many popular textbooks that made 
it widely known and used. 

By straightforward calculations, we see that 


xo =a =3+4+(m —-3) ap = 3 
= — = ie = 7.06251330--- a,j =7 
x= — = ean = 15.99659440.--- ay = 15 
= = appa = 100341723 a3, = 1 
bo — a = ee ee = 292.63467 - - - a4 = 292 


—[x3] 0.00341723.---. 


Thus, the infinite continued fraction for 7 starts out as 
w= (377,15, 1,.292;.2<] 


but, unlike the case of 23 in which all the partial denominators a, are explicitly 
known, there is no pattern that gives the complete sequence of a,. The first five 
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convergents are 
3. 22 333 355 103993 


1’ 7’ 106’ 113’ 33102 
As acheck on the Corollary to Theorem 15.7, notice that we should have 
22) 1 
7 T 
Now 314/100 < m2 < 22/7, and therefore 
22 22 314 ] 
on emg = 


< 


7\ 9% 100 7:50 7 


as expected. 


Unless the irrational number x assumes some very special form, it may be 
impossible to give the complete continued fraction expansion of x. We can prove, 
for instance, that the expansion for x becomes ultimately periodic if and only if 
x is an irrational root of a quadratic equation with integral coefficients, that is, 
if x takes the form r + s/d, where r and s ~ 0 are rational numbers and d is 
a positive integer that is not a perfect square. But among other irrational numbers, 
there are very few whose representations seem to exhibit any regularity. An exception 
is another positive constant that has occupied the attention of mathematicians for 
many centuries, namely, 


é€ = 2.718281828 --- 


the base of the system of natural logarithms. In 1737, Euler showed that 


—1 
1061094 AS: 
e+] 
where the partial denominators form an arithmetic progression, and that 
ek — 0:1, 3,5,7,9,...] 
e2 a 1 — b) b) 9 3 9 9.9 8 8 


The continued fraction representation of e itself (also found by Euler) is a bit more 
complicated, yet still has a pattern: 


C= (2015251514 16. el 


with the even integers subsequently occurring in order and separated by two 1’s. 
With regard to the symbol e, its use is also original with Euler and it appeared in 
print for the first time in one of his textbooks. 

In the introduction to analysis, it is usually demonstrated that e can be defined 
by the infinite series 

= 1 1 1 1 
e= Var op) ap a 

If the reader is willing to accept this fact, then Euler’s proof of the irrationality of e 
can be given very quickly. Suppose to the contrary that e is rational, say e = a/b, 
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where a and b are positive integers. Then for > b and also n > 1, the number 


is a positive integer because multiplication by n! clears all the denominators. When 
e is replaced by its series expansion, this becomes 


1 1 1 
esl (sata taet) 


1 1 1 
Fo G2 pas Gola to@ss 
1 1 1 


al eG eo) eee 


ee ere cae a Wee Ge. ts 
nti n+l n+2 n+2 n+3 


2 
< 
n+1 


Because the inequality 0 < N < 1 is impossible for an integer, e must be irrational. 
The exact nature of the number z offers greater difficulties; J. H. Lambert (1728— 
1777), in 1761, communicated to the Berlin Academy an essentially rigorous proof 
of the irrationality of z. 

Given an irrational number x, a natural question is to ask how closely, or with 
what degree of accuracy, it can be approximated by rational numbers. One way of 
approaching the problem is to consider all rational numbers with a fixed denominator 
b > 0. Because x lies between two such rational numbers, say c/b < x < (c + 1)/b, 
it follows that 


1 


Cc 1 
tae ba 
Better yet, we can write 
a 1 
51 <3 


where a =c or a=c-+1, whichever choice may be appropriate. The continued 
fraction process permits us to prove a result that considerably strengthens the last- 
written inequality, namely: Given any irrational number x, there exist infinitely many 
rational numbers a/b in lowest terms that satisfy 
a 

ine 
In fact, by the corollary to Theorem 15.7, any of the convergents p,/q, of the 
continued fraction expansion of x can play the role of the rational number a/b. The 
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forthcoming theorem asserts that the convergents p,/q, have the property of being 
the best approximations, in the sense of giving the closest approximation to x among 
all rational numbers a/b with denominators q,, or less. 

For clarity, the technical core of the theorem is placed in the following lemma. 


Lemma. Let p,/q, be the nth convergent of the continued fraction representing the 
irrational number x. If a and b are integers, with 1 < b < gy41, then 


|QnX — Pn| < | bx —a| 


Proof. Consider the system of equations 


Pn@® + PnsiB =a 
Gn@ + Gn4iB = b 


With the determinant of the coefficients being Prdn+1 — YnPn+1 = (—1)""', the system 
has the unique integral solution 


a= (—1)"*" agn41 — bpn+1) 

p= (—1)"*" (bp, — an) 
It is well to notice that a ~ 0. In fact, a =O yields ag,+4; = bpn+; and, because 
gcd( pnt» 9n+1) = 1, this means that g,,) |b or b > Gdn41, which is contrary to hy- 


pothesis. In the event that 8 = O, the inequality stated in the lemma is clearly true. For 
B = Oleads toa = p,a, b = qn and, as a result, 


|bx —a| = |a||qnx — pn| = |4nX — Pn | 


Thus, there is no harm in assuming hereafter that B + 0. 

When £ 4 0, we argue that a and 6 must have opposite signs. If 6 < 0, then 
the equation g,@ = b — qniif indicates that g,a > O and, in turn, a > 0. On the 
other hand, if B > 0, then b < gyi; implies that b < Bgy+1, and therefore ag, = 
b — Gn+1B < 0; this makes a < 0. We also infer that, because x stands between the 
consecutive convergents Py, /Gn and Py+1/Gn+1, 


GnX — Pn and Gn+1X — Pnt+i 


will have opposite signs. The point of this reasoning is that the numbers 


a(GnX — Pn) and B(Gn+1X — Pn+1) 


must have the same sign; in consequence, the absolute value of their sum equals the 
sum of their separate absolute values. It is this crucial fact that allows us to complete 
the proof quickly: 
|bx —a| = | (Gn@ + Gn41B)X — (Pn + PnsiB) | 
= | @(Gnx _ Pn) + B(dn4ix = Pn+1) | 
=|a| |GnxX — Pn| +] B| | Qn+1X — Pn+i | 
> | a | | @nX — Pn | 


> |QnX — Pn | 


which is the desired inequality. 
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The convergents p,/g, are best approximations to the irrational number x in 
that every other rational number with the same or smaller denominator differs from 


x by a greater amount. 


Theorem 15.8. If 1 < b < q,, the rational number a/b satisfies 


x— B) <|2-$ 
—— Ss X—- 
Qn b 
Proof. If it were to happen that 
- 2 |>|-5 
Gn b 
then 
p a 
| @nX — Pn | = 4n x—— > b|x— 2) = |bx -a 
n 


violating the conclusion of the lemma. 


Historians of mathematics have focused considerable attention on the attempts 
of early societies to arrive at an approximation to 2, perhaps because the increas- 
ing accuracy of the results seems to offer a measure of the mathematical skills of 
different cultures. The first recorded scientific effort to evaluate 2 appeared in the 
Measurement of a Circle by the great Greek mathematician of ancient Syracuse, 
Archimedes (287-212 B.c.). Substantially, his method for finding the value of z 
was to inscribe and circumscribe regular polygons about a circle, determine their 
perimeters, and use these as lower and upper bounds on the circumference. By this 
means, and using a polygon of 96 sides, he obtained the two approximations in the 
inequality 


223/ ) ls = 2277 


Theorem 15.8 provides insight into why 22/7, the so-called “Archimedean value 
of 7,’ was used so frequently in place of zr; there is no fraction, given in lowest terms, 
with a smaller denominator that furnishes a better approximation. Whereas 


223 


=~ 0.0012645 and T — aT ~ 0.0007476 


ti- —_— 
7 


Archimedes’ value of 223/71, which is not a convergent of 2, has a denominator 
exceeding g; = 7. Our theorem tells us that 333/106 (a ratio for 2 employed in 
Europe in the 16th century) will approximate z more closely than any rational 
number with a denominator less than or equal to 106; indeed, 


333 


106 


~~ 0.0000832 


Because of the size of gq = 33102, the convergent p3/q3 = 355/113 allows one 
to approximate z with a striking degree of accuracy; from the corollary to 
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Theorem 15.7, we have 
355 1 3 
t—-—~-| < —————  < — 
113 113-33102 10’ 
The noteworthy ratio of 355/113 was known to the early Chinese mathematician 
Tsu Chung-chi (430-501); by some reasoning not stated in his works, he gave 22/7 
as an “inaccurate value” of mz and 355/113 as the “accurate value.” The accuracy of 
the latter ratio was not equaled in Europe until the end of the 16th century, when 
Adriaen Anthoniszoon (1527-1617) rediscovered the identical value. 
This is a convenient place to record a theorem that says that any “close” (in a 
suitable sense) rational approximation to x must be a convergent to x. There would 
be a certain neatness to the theory if 


nes i < be 
implied that a/b = p,/qGn for some n; although this is too much to hope for, a slightly 
sharper inequality guarantees the same conclusion. 


| a 1 


Theorem 15.9, Let x be an arbitrary irrational number. If the rational number a/b, 
where b > | and gcd(a, b) = 1, satisfies 


jsf | <5 
A Be Opp 


then a/b is one of the convergents p,,/g, in the continued fraction representation of x. 


Proof. Assume that a/b is not a convergent of x. Knowing that the numbers g;, form 

an increasing sequence, there exists a unique integer n for which gq, <b < qn41. For 

this n, the last lemma gives the first inequality in the chain 
a ] 

x— <|bx—-a =b|x-5 |< 

|QnX — Pn| S| | ess 


which may be recast as 


In view of the supposition that a/b 4 p,/qn, the difference bp, — ag, is a nonzero 
integer, whence 1 < | bp, — aq, |. We are able to conclude at once that 

oo, ear dne||  Nene da pe ee 

ban ban Gn  b Qn b 2bq, 2b 


This produces the contradiction b < g,, ending the proof. 


; ae 


PROBLEMS 15.3 


1. Evaluate each of the following infinite simple continued fractions: 
(a) [2; 3]. 
(b) [0; 1, 2, 3]. 
(c) [25 1, 2, 1]. 


10. 


11. 


CONTINUED FRACTIONS 333 


(d) (152,3, 1]. 
(e) (1:2, 1, 2, 12]. 


. Prove that if the irrational number x > 1 is represented by the infinite continued fraction 


[ao; a1, 2, ...], then 1/x has the expansion [0; ao, a1, a2, .. .]. Use this fact to find the 
value of [0; 1,1, 1,...] = [0; 1]. 


. Evaluate [1;2, 1] and [1; 2, 3, 1]. 
. Determine the infinite continued fraction representation of each irrational number below: 


(a) J5. 
(b) V7. 


| 
«) Lv on 


s4v7 


1+ V5 
| 


(d) 
= 


. (a) For any positive integer n, show that /n? + 1 = [n; 2n], Vn2 +2 = [n;n, 2n] and 


Vn? + 2n = [n; 1, 2n]. 
[Hint: Notice that 


n+ +1=2n+(Vn2+1—n) =2n + ——_— 
ans 


(b) Use part (a) to obtain the continued fraction representations of iD: of , WV 15, and 
AV 37. 


. Among the convergents of /15, find a rational number that approximates /15 with 


accuracy to four decimal places. 


. (a) Find a rational approximation to e = [2;1, 2, 1, 1, 4, 1, 1, 6, .. .] correct to four dec- 


imal places. 
(b) If a and b are positive integers, show that the inequality e < a/b < 87/32 implies 
that b > 39. 


. Prove that of any two consecutive convergents of the irrational number x, at least one, 


a/b, satisfies the inequality 


a ] 
+ El< as 
b < Op 
[Hint: Because x lies between any two consecutive convergents, 
Pn+i Pn Pn+1 Pn 
— —_— — = a + x- — 
GnQn+1 Qn+1 dn Gn+1 dn 


Now argue by contradiction. ] 


. Given the infinite continued fraction [1;3, 1,5, 1,7, 1,9, ...], find the best rational ap- 


proximation a/b with 

(a) denominator b < 25. 

(b) denominator b < 225. 

First show that | (1 + /10)/3 — 18/13] < 1/(2- 132), and then verify that 18/13 is a 
convergent of (1 + //10)/3. 

A famous theorem of A. Hurwitz (1891) says that for any irrational number x, there exist 
infinitely many rational numbers a/b such that 


Cae alee 
Xo 
b J 5b2 


Taking x = z, obtain three rational numbers satisfying this inequality. 
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12. Assume that the continued fraction representation for the irrational number x ultimately 
becomes periodic. Mimic the method used in Example 15.4 to prove that x is of the form 
r + s/d, where r and s ~ 0 are rational numbers and d > 0 is a nonsquare integer. 

13. Let x be an irrational number with convergents p,/q,. For every n > 0, verify the fol- 


lowing: 
] 
(a) a Ee : 
24nQn+1 dn QnQn+1 

(b) The convergents are successively closer to x in the sense that 

Pn Pn-1 
x-—-—|< 

Gn Gn-1 


[Hint: Rewrite the relation 


Xn+1Pn ae Pn-1 
x= 


Xn+14n i dn—1 
AS Xn41(XGn — Pn) = —Qn-1(% — Pn—-1/Qn-1)-] 


15.4 PELL’S EQUATION 


What little action Fermat took to publicize his discoveries came in the form of chal- 
lenges to other mathematicians. Perhaps he hoped in this way to convince them that 
his new style of number theory was worth pursuing. In January of 1657, Fermat 
proposed as a challenge to the European mathematical community—thinking prob- 
ably in the first place of John Wallis, England’s most renowned practitioner before 
Newton—a pair of problems: 


1. Find a cube which, when increased by the sum of its proper divisors, becomes a 
square; for example, 7° + (1 + 7 +77) = 207. 

2. Find a square which, when increased by the sum of its proper divisors, becomes 
a cube. 


On hearing of the contest, Fermat’s favorite correspondent, Bernhard Frénicle de 
Bessy, quickly supplied a number of answers to the first problem; typical of these 
is (2-3-5-13-41-47)°, which when increased by the sum of its proper divisors 
becomes (2’ - 37 - 5*- 7-13-17. 29)*. While Frénicle advanced to solutions in still 
larger composite numbers, Wallis dismissed the problems as not worth his effort, 
writing, “Whatever the details of the matter, it finds me too absorbed by numerous 
occupations for me to be able to devote my attention to it immediately; but I can 
make at this moment this response: The number | in and of itself satisfies both 
demands.” Barely concealing his disappointment, Frénicle expressed astonishment 
that a mathematician as experienced as Wallis would have made only the trivial 
response when, in view of Fermat’s stature, he should have sensed the problem’s 
greater depths. 

Fermat’s interest, indeed, lay in general methods, not in the wearying compu- 
tation of isolated cases. Both Frénicle and Wallis overlooked the theoretic aspect 
that the challenge problems were meant to reveal on careful analysis. Although the 
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phrasing was not entirely precise, it seems clear that Fermat had intended the first of 
his queries to be solved for cubes of prime numbers. To put it otherwise, the problem 
called for finding all integral solutions of the equation 


l+x+x°+x%=y? 
or equivalently, 
(l+x)14+x7)=y’ 


where x is an odd integer. Because 2 is the only prime that divides both factors on 
the left-hand side of this equation, it may be written as 


2 
ab = (5) gcd(a,b)= 1 


But if the product of two relatively prime integers is a perfect square, then each of 
them must be a square; hence, a = u”, b = v” for some u and v, so that 


l+x =2a =2u’ 1+x* = 2b = 2v’ 


This means that any integer x that satisfies Fermat’s first problem must be a solution 
of the pair of equations 


x =2u*—-1 x? =2v*-1 


the second being a particular case of the equation x7 = dy? +1. 

In February, 1657, Fermat issued his second challenge, dealing directly with the 
theoretic point at issue: Find a number y that will make dy” + 1 a perfect square, 
where d is a positive integer that is not a square; for example, 3 - 17 + 1 = 2? and 
5.474 1 = 9. If, said Fermat, a general rule cannot be obtained, find the small- 
est values of y that will satisfy the equations 61y? + 1 = x’; or 109y* + 1 = x’. 
Frénicle proceeded to calculate the smallest positive solutions of x* — dy? = 1 for 
all permissible values of d up to 150 and suggested that Wallis extend the table to 
d = 200 or at least solve x? — 151y” = 1 and x” — 313y* = 1, hinting that the sec- 
ond equation might be beyond Wallis’ ability. In reply, Wallis’ patron Lord William 
Brouncker of Ireland stated that it had only taken him an hour or so to discover 
that 


(126862368)? — 313(7170685)* = —1 


and therefore y = 2-7170685 - 126862368 gives the desired solution to 
x* — 313y? = 1; Wallis solved the other concrete case, furnishing 


(1728148040) — 151(140634693)” = 1 


The size of these numbers in comparison with those arising from other values 
of d suggests that Fermat was in possession of a complete solution to the problem, 
but this was never disclosed (later, he affirmed that his method of infinite descent 
had been used with success to show the existence of an infinitude of solutions 
of x* — dy* = 1). Brouncker, under the mistaken impression that rational and not 
necessarily integral values were allowed, had no difficulty in supplying an answer; 
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he simply divided the relation 
(r? +d) —d(2ry = (r* — dy’ 
by the quantity (r? — d)* to arrive at the solution 


r>+d 2r 

oO ey hee 
where r # Jd is an arbitrary rational number. This, needless to say, was rejected by 
Fermat, who wrote that “solutions in fractions, which can be given at once from the 
merest elements of arithmetic, do not satisfy me.” Now informed of all the conditions 
of the challenge, Brouncker and Wallis jointly devised a tentative method for solving 
x* — dy* = 1 in integers, without being able to give a proof that it will always work. 
Apparently the honors rested with Brouncker, for Wallis congratulated Brouncker 
with some pride that he had “preserved untarnished the fame that Englishmen have 
won in former times with Frenchmen.” 

After having said all this, we should record that Fermat’s well-directed effort 
to institute a new tradition in arithmetic through a mathematical joust was largely 
a failure. Save for Frénicle, who lacked the talent to vie in intellectual combat with 
Fermat, number theory had no special appeal to any of his contemporaries. The 
subject was permitted to fall into disuse, until Euler, after the lapse of nearly a 
century, picked up where Fermat had left off. Both Euler and Lagrange contributed 
to the resolution of the celebrated problem of 1657. By converting Jd into an infinite 
continued fraction, Euler (in 1759) invented a procedure for obtaining the smallest 
integral solution of x* — dy* = 1; however, he failed to show that the process leads 
to a solution other than x = 1, y = 0. It was left to Lagrange to clear up this matter. 
Completing the theory left unfinished by Euler, in 1768 Lagrange published the 
first rigorous proof that all solutions arise through the continued fraction expansion 
of Jd. 

As aresult of a mistaken reference, the central point of contention, the equation 
x* — dy* = 1, has gone into the literature with the title “Pell’s equation.” The erro- 
neous attribution of its solution to the English mathematician John Pell (1611-1685), 
who had little to do with the problem, was an oversight on Euler’s part. On a cur- 
sory reading of Wallis’s Opera Mathematica (1693), in which Brouncker’s method 
of solving the equation is set forth as well as information as to Pell’s work on 
Diophantine analysis, Euler must have confused their contributions. By all rights we 
should call the equation x* — dy” = 1 “Fermat’s equation,” for he was the first to 
deal with it systematically. Although the historical error has long been recognized, 
Pell’s name is the one that is indelibly attached to the equation. 

Whatever the integral value of d, the equation x* — dy* = 1 is satisfied trivially 
by x = +1, y=0.Ifd < —1, then x” — dy? > 1 (except when x = y = 0) so that 
these exhaust the solutions; when d = —1, two more solutions occur, namely, x = 0, 
y = +1. The case in which d is a perfect square is easily dismissed. For if d = n? 
for some n, then x* — dy* = 1 can be written in the form 


(x + ny)(x —ny)=1 


CONTINUED FRACTIONS 337 


which is possible if and only if x + ny = x — ny = £1; it follows that 
- Sy aie 
2 
_and the equation has no solutions apart from the trivial ones x = +1, y = 0. 
_ From now on, we shall restrict our investigation of the Pell equation x” — dy* = 
_ 1 tothe only interesting situation, that where d is a positive integer that is not a square. 
Let us say that a solution x, y of this equation is a positive solution provided both x 
and y are positive. Because solutions beyond those with y = 0 can be arranged in 
sets of four by combinations of signs +x, +y, it is clear that all solutions will be 
known once all positive solutions have been found. For this reason, we seek only 
positive solutions of x? — dy* = 1. 
The result that provides us with a starting point asserts that any pair of posi- 
tive integers satisfying Pell’s equation can be obtained from the continued fraction 


representing the irrational number Vd. 


Theorem 15.10. If p,¢ is apositive solution of x* — dy* = 1, then p/g is aconvergent 
of the continued fraction expansion of Jd. 


Proof. In light of the hypothesis that p* — dg* = 1, we have 


(p —qvVd)\(p + qv) = 1 
implying that p > g as well as that 


a fn ee 
q q(p +qvad) 
As a result, 
d d 1 
yet ace vd 
q qqVvd+qVd) 2q?Vd 2 


A direct appeal to Theorem 15.9 indicates that p/q must be a convergent of /d. 


In general, the converse of the preceding theorem is false: Not all of the con- 
vergents p,/gq, of /d supply solutions to x* — dy” = 1. Nonetheless, we can say 
something about the size of the values taken on by the sequence p? — dq?. 


Theorem 15.11. If p/q is a convergent of the continued fraction expansion of Jd, 
then x = p, y = g is a Solution of one of the equations 


x* —dy* =k 
where |k | < 1+ 2/d. 


Proof. If p/q is a convergent of \/d, then the corollary to Theorem 15.7 guarantees 
that 


<— 
q? 


at 
q 
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and therefore 
1 
|p -—qvd|< F 


This being so, we have 
|p +qVd| = |(p —qvd) + 2qVad | 
<|p—qvd|+|2qvd| 


1 
< _ + avd S (1 +2vd)4 


These two inequalities combine to yield 
| p? —dq*|=|p—qvd||p+qvd| 
< -( + 2V/d)q 
=1+4+2/d 


which is precisely what was to be proved. 


In illustration, let us take the case of d = 7. Using the continued fraction ex- 
pansion J/7 = [2;1, 1, 1, 4], the first few convergents of /7 are determined to be 


2/1, 3/1, 5/2, 8/3, ... 
Running through the calculations of p*? — 7q7, we find that 
2-7-1 =-30 8 A-7-P S20 8-7-2 =-3 B-7-3H% = 1 


whence x = 8, y = 3 provides a positive solution of the equation x* — 7y? = 1. 
Although a rather elaborate study can be made of periodic continued fractions, 

it is not our intention to explore this area at any length. The reader may have noticed 

already that in the examples considered so far, all the continued fraction expansions 


of /d took the form 
Jd = [do3 1, A2,..., py | 


that is, the periodic part starts after one term, this initial term being [\/d]. It is also 
true that the last term a, of the period is always equal to 2a and that the period, 
with the last term excluded, is symmetrical (the symmetrical part may or may not 
have a middle term). This is typical of the general situation. Without entering into 
the details of the proof, let us simply record the fact: If d is a positive integer that 
is not a perfect square, then the continued fraction expansion of ./d necessarily has 
the form 


Vd = [ao; 41, a2, 43, ..., 43, 42, a1, 2a] 
In the case in which d = 19, for instance, the expansion is 


wf 19 = (452.1, 3,.1,.2538] 
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whereas d = 73 gives 
V13 = (8; 1,.1,5,5;1, 1,16) 
Among alld < 100, the longest period is that of /94, which has 16 terms: 
94 = [9;1, 2, 3, 1, 1,5, 1, 8, 1,5, 1, 1, 3, 2, 1, 18] 


The following is a list of the continued fraction expansions of //d, where d is a 
nonsquare integer between 2 and 40: 


V2 = [1;2] V22 = [4; 1, 2, 4, 2, 1, 8] 
4) 3 = (1; 2) /23 = [4; 1, 3, 1, 8] 
/5 = [2; 4] /24 = [4;1, 8] 

V6 = [2;2, 4] /26 = [5; 10] 

V7 = [2;1, 1,1, 4] /27 = [5;5, 10] 

V8 = [2;1, 4] /28 = [5; 3, 2, 3, 10] 
J/10 = [3; 6] /29 = [5;2, 1, 1, 2, 10] 
/11 = [3;3, 6] V30 = [5; 2, 10] 

J12 = [3; 2, 6] 3S e 1,3, 5;3;15 1,10) 
JId— [sr 1.1, 1,6 -4/32= 15:1, 1,1, 10] 

/14 = [3; 1, 2, 1, 6] /33 = [5; 1, 2, 1, 10] 

/15 = [3; 1, 6] /34 = [5; 1, 4, 1, 10] 

/17 = [4; 8] /35 = [5; 1, 10] 

/18 = [4; 4, 8] /37 = [6; 12] 

/19 = [4;2, 1,3,1,2,8] 38 = [6;6, 12] 

/20 = [4; 2, 8] /39 = [6; 4, 12] 


J 21 = [451,1,2,1,1,8] 740 = [6; 3, 12] 


Theorem 15.10 indicates that if the equation x* — dy* = 1 possesses a solution, 
then its positive solutions are to be found among x = px, y = qx, where px /qx 
are the convergents /d. The period of the continued fraction expansion of /d 
provides the information we need to show that x? — dy” = 1 actually does have a 
solution in integers; in fact, there are infinitely many solutions, all obtainable from 
the convergents of Vd. 

An essential result in our program is that if n is the length of the period of the 
continued fraction expansion for /d, then the convergent Pxn—1/Gkn—1 satisfies 


pode ey ee 193 
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Before establishing this, we should recall that the expansion Jd = [do3 1, a2,...| 
was obtained by first defining 


1 
: Jd and Xp41 = ——— 
XE — [xx] 
fork =0,1,2,...; and then setting a, = [x,] when k > 0. Thus, the x, are all 
irrational numbers, the a, are integers and these are related by the expression 
1 
Xk = k = 0 
Xk — Ak 


Another preliminary is the following somewhat technical lemma. 


Lemma. Given the continued fraction expansion Jd = [dp; a), ao, ...], define s,; and 
t, recursively by the relations 


So = 0 flo = 1 
Skt] = Ant — Sx LS eae Oe a 2 es 
Then 


(a) s, and & are integers, with t, + 0. 
(b) t|(d — sz). 
(c) x, = (5s, + J d)/ tr fork > 0. 


Proof. We proceed by induction on k, noting that the three assertions clearly hold when 
k = 0. Assume they are true for a fixed positive integer k. Because a;, 5;, and t, are 
all integers, 5,4; = Axt, — Ss; will likewise be an integer. Also, % 4, 4 0, for otherwise 
d=s; ',,, contrary to the supposition that d is not a square. The equation 


d—s? d—s? 
k+l k 
hay = SS Yt ayy = Ap ty) 
Lk lk 
where t;|(d — s?) by the induction hypothesis, implies that ¢,,, is an integer; whereas 
tty) = d — sp, , gives te+1|(d — sf, ,). Finally, we obtain 


] ty 
= Xp — Ak 7 (s, + Jd) — thay 
7 Jd — Sk+1 
= ty (Se41 + Vd) _ Sit + Jd 
d— Sti tk 


and so (a), (b), and (c) hold in the case of k + 1, hence for all positive integers. 


We need one more collateral result before turning to the solutions of Pell’s 
equation. Here we tie the convergents of /d to the integers of t of the lemma. 
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Theorem 15.12. If p;/q, are the convergents of the continued fraction expansion of 


Jd then 


pe —dq? =(-1) tes where 4, >0 k=0,1,2,3,... 


Proof. For Vd = [ao; 41, Q2..., Ax, X~41], we know that 


7 we Tet Pk + Pk-! 
Xk41dk + Qk-1 


Upon substituting x,4.; = (8.41 + Jd)/ t.., and simplifying, this reduces to 


Vd (Seige + tee1Qe—1 — Pk) = Se41 Pe + ter Pe—-1 — dqe 


Because the right-hand side is rational and Jd is irrational, this last equation requires 
that 


Sk+idk + te41dk—1 = Pk and Sk+1 Pk + thei Pe-1 = dg 


The effect of multiplying the first of these relations by p;, and the second by —q,, and 
then adding the results, is 


Pe — 49g = te Peqk—-1 — Pr—-190) 
But Theorem 15.3 tells us that 
PeQk—1 — Pe-19e = (- 1)" = (- 
and so 
Py — dag = (VT tet 
Let us next recall from the discussion of convergents that 
Cx < Vd < Cos k>0 


Because C;, = px/qx, we deduce that p? — dq? < 0 for k even and p? — dq? > 0 for 
k odd. Thus the left-hand side of the equation 


Soe 


is always negative, which makes %4)/t positive. Starting with t) = d — aj > 0, we 
climb up the quotients to arrive at t,4, > 0. 


A matter of immediate concern is determining when the integer t; = 1. We settle 


this question below. 


Corollary. If n is the length of the period of the expansion of J/d, then 
tj =1 if and only if n|j 


Proof. For Jd = [ao:%, a7,..., A, |, we have 


Xkn+1 = X1 e—2 | a eae 
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Hence, 
Sins. + Vd _ Sy + /d 


tin+ ty 
or 
rece Vd (tent = 1) = Sineitt: Sites 
The irrationality of Jd implies that 
tint =f Skn+l = S| 

But then 

th —=d—st=d—S? ., =boltinn! = tint 

= Ss, = Skyy = lkntkn+1 = lknlh 


and so t,, = 1. The net result of this is that t; = 1 whenever n|/j. 
Going in the other direction, let j be a positive integer for which t; = 1. Then 


xj =Sj+ /d and, on taking integral parts, we can write 
[xj] =s; + [Vd] = S$; + ao 


The definition of x j4, now yields 


] 
x; =[xj] + — =8; +a) + — 
Xj+l Xj+l 


Putting the pieces together 


1 1 
ay + — = x0 = Vd = xj — 5) = a) + — 


Xj+l 
therefore, x;;; = x,. This means that the block a,,a2,...,a; of j integers keeps 
repeating in the expansion of \/d. Consequently, j must be a multiple of the length n 
of the period. 


_For a brief illustration, let us take the continued fraction expansion V15 = 
[3; 1, 6]. Its period is of length 2 and the first four convergents are 


3/1, 4/1, 27/7, 31/8 
A calculation shows that 
315 1ST S15 +7 = 6 
4* —15.1*° = 317 - 15.8% = 1 


Hence, t} = #3 = 6andth =t4 = 1. 
We are finally able to describe all the positive solutions of the Pell equation 
x* —dy* = 1, where d > O is a nonsquare integer. Our result is stated as 


Theorem 15.13. Let p;/g, be the convergents of the continued fraction expansion of 
/d, and let n be the length of the expansion. 


(a) If n is even, then all positive solutions of x* — dy* = 1] are given by 


X = Pkn—1 Y= Qn-1 ke 123 Oeeee 
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(b) If n is odd, then all positive solutions of x* — dy* = 1 are given by 


X = Prkn-1 Y= Gg an eee See 


Proof. It has already been established in Theorem 15.10 that any solution xo, yo of 
x? — dy* = 1 is of the form xp = Pj, Yo = 9; for some convergent p;/qj; of Jd. By 
the previous theorem, 


py — dqz = (-1)  t541 


which implies that j + 1 is an even integer and t;,; = 1. The corollary tells us that 
n|(j + 1), say j + 1 = nk for some k. If n is odd, then k must be even, whereas if n is 
even then any value of k suffices. 


Example 15.7. As a first application of Theorem 15.13, let us again consider the 
equation x? — 7y” = 1. Because /7 = [2;1, 1, 1, 4], the initial 12 convergents are 


2/1, 3/1, 5/2, 8/3, 37/14, 45/17, 82/31, 127/48, 
590/223, 717/271, 1307/494, 2024/765 


Because the continued fraction representation of /7 has a period of length 4, the 
numerator and denominator of any of the convergents p4,—1/qax—, form a solution of 


x* — 7y* = 1. Thus, for instance, 


E73. betas 2 904/765 
ii 


q3 q7 


give rise to the first three positive solutions; these solutions are x; = 8, y, = 3; 
X2 = 127, yo = 48; x3 = 2024, y3 = 765. 


Example 15.8. To find the solution of x* — 13y* = 1 in the smallest positive integers, 
we note that V13 = [3; 1, 1, 1, 1, 6] and that there is a period of length 5. The first 10 
convergents of 13 are 


3/1, 4/1, 7/2, 11/3, 18/5, 119/33, 137/38, 256/71, 393/109, 649/180 


With reference to part (b) of Theorem 15.13, the least positive solution of x* —13y* = 1 
is obtained from the convergent po/qo = 649/180, the solution itself being x; = 649, 


There is a quick way to generate other solutions from a single solution of Pell’s 
equation. Before discussing this, let us define the fundamental solution of the equa- 
tion x* — dy* = 1 to be its smallest positive solution. That is, it is the positive 
solution x9, yo with the property that x9 < x’, yo < y’ for any other positive solu- 
tion x’, y’. Theorem 15.13 furnishes the following fact: If the length of the period 
of the continued fraction expansion of /d is n, then the fundamental solution of 
x? — dy” = 1 is given by x = Pn-1, Y = Gn—-1 When n is even; and by x = Pon_1, 
Y = Gmn—1 when n is odd. Thus, the equation x” — dy* = 1 can be solved in either 
n or 2n Steps. 

Finding the fundamental solution can be a difficult task, because the numbers in 
this solution can be unexpectedly large, even for comparatively small values of d. For 
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example, the innocent-looking equation x* — 991y* = 1 has the smallest positive 
solution 

x = 3795164009068 1 1930638014896080 

y = 1205573579033 1359447442538767 


The situation is even worse with x* — 1000099 y? = 1, where the smallest positive 
integer x satisfying this equation has 1118 digits. Needless to say, everything depends 
upon the continued fraction expansion of /d and, in the case of /1000099, the 
period consists of 2174 terms. 

It can also happen that the integers needed to solve x* — dy” = 1 are small fora 
given value of d and very large for the succeeding value. A striking illustration of this 
variation is provided by the equation x* — 61y* = 1, whose fundamental solution 
is given by 


x = 1766319049 y = 226153980 


These numbers are enormous when compared with the case d = 60, where the 
solution is x = 31, y = 4 or with d = 62, where the solution is x = 63, y = 8. 

With the help of the fundamental solution—which can be found by means of 
continued fractions or by successively substituting y = 1, 2,3, ... into the expres- 
sion 1 + dy* until it becomes a perfect square—we are able to construct all the 
remaining positive solutions. 


Theorem 15. 14. Let x;, y; be the fundamental solution of x* — dy* = 1. Then every 
pair of integers x,, y, defined by the condition 


Xn + ynWvd = (x, + y;Vd)" n=1,2,3,... 


is also a positive solution. 


Proof. It is a modest exercise for the reader to check that 
Xn — Yad = (x1 — yiVd)" 


Further, because x; and y, are positive, x, and y, are both positive integers. Bearing 
in mind that x), y; is a solution of x” — dy” = 1, we obtain 


5 os dy? = (iat YnVd)\(Xn — Yn ad) 
= (x1 + yVd)"(x1 — yd)" 
=, >a) ==] 


and therefore x,, y, iS a solution. 
Let us pause for a moment to look at an example. By inspection, it is seen that 


x; = 6, y; = 1 forms the fundamental solution of x* — 35y”? = 1. A second positive 
solution x2, y2 can be obtained from the formula 


x. + yoV35 = (64+ V35) = 71 + 12V35 
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which implies that x2 =71, y2=12. These integers satisfy the equation 
x? — 35y* = 1, because 


71* — 35-12? = 5041 — 5040 = 1 
A third positive solution arises from 


x3 + y3V735 = (6+ V35) 
= (71 + 12./35)(6 + V35) = 846 + 143/35 
This gives x3 = 846, y3 = 143, and in fact, 
8467 — 35 - 1437 = 715716 — 715715 = 1 


so that these values provide another solution. 
Returning to the equation x* — dy* = 1, our final theorem tells us that any 
positive solution can be calculated from the formula 


Xn + Yad = (x1 + Vd)" 


where n takes on integral values; that is, if u, v is a positive solution of x” — dy” = 1, 
then u = x,, Vv = y, for a suitably chosen integer n. We state this as Theorem 15.15. 


Theorem 15.15. If x, y; is the fundamental solution of x? — dy* = 1, then every 
positive solution of the equation is given by x,, y,, where x, and y, are the integers 
determined from 


Xn tynvd =(x) tyVvdy nn =1,2,3,... 
Proof. In anticipation of a contradiction, let us suppose that there exists a positive 
solution uw, v that is not obtainable by the formula (x; + yivd)". Because x; + yivd > 


1, the powers of x; + yi/d become arbitrarily large; this means that u + v/d must 
lie between two consecutive powers of x; + y, Jd, say, 


(x; + yivd)" <utvvd <(x,+ yvdy"! 
or, to phrase it in different terms, 
Xn + Ynvd <utvvd < (Xn + Yn d(x as yivd) 


On multiplying this inequality by the positive number x, — y,/d and noting that 
x? — dy* = 1, we are led to 


1 < (Xn — ynV du + vVd) < x; + yivd 
Next define the integers r and s by r + s/d = (Xn — Yn Jdy\(u + vi/d); that is, let 
r =Xnu — ynvd S=XnV — Yn 
An easy calculation reveals that 
r*—ds* = (x? — dy?)\(u* —dyv*)=1 
and therefore r, s is a solution of x”? — dy” = 1 satisfying 


lert+sv/d <x, +y:Vd 
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Completion of the proof requires us to show that the pair, s is a positive solution. 
Because 1 <r +s/d and (r +s/d)(r — sd) = 1, we find thatO < r—sJ/d <1. 
In consequence, 


2r =(r+sJ/d)+(r—sVd)>1+0>0 
2s./d =(r+sJVd)—(r —sVd)>1—1=0 


which makes both r and s positive. The upshot is that because x1, y, is the fundamental 
solution of x* — dy? = 1, we must have x; <r and y; <s; but then x, + yivd < 
r + sd, violating an earlier inequality. This contradiction ends our argument. 


Pell’s equation has attracted mathematicians throughout the ages. There is his- 
torical evidence that methods for solving the equation were known to the Greeks 
some 400 years before the beginning of the Christian era. A famous problem of 
indeterminate analysis known as the “cattle problem” is contained in an epigram 
sent by Archimedes to Eratosthenes as a challenge to Alexandrian scholars. In it, 
one is required to find the number of bulls and cows of each of four colors, the eight 
unknown quantities being connected by nine conditions. These conditions ultimately 
involve the solution of the Pell equation 


x” — 4729494y* = | 


which leads to enormous numbers; one of the eight unknown quantities is a figure 
having 206,545 digits (assuming that 15 printed digits take up one inch of space, the 
number would be over 1/5 of a mile long). Although it is generally agreed that the 
problem originated with the celebrated mathematician of Syracuse, no one contends 
that Archimedes actually carried through all the necessary computations. 

Such equations and dogmatic rules, without any proof for calculating their so- 
lutions, spread to India more than a thousand years before they appeared in Europe. 
In the 7th century, Brahmagupta said that a person who can within a year solve 
the equation = 92y* = 1 is a mathematician; for those days, he would at least 
have to be a good arithmetician, because x = 151, y = 120 is the smallest positive 
solution. A computationally more difficult task would be to find integers satisfy- 
ing x* — 94y? = 1, for here the fundamental solution is given by x = 2143295, 
y = 221064. 

Fermat, therefore, was not the first to propose solving the equation x” — dy” = 1, 
or even to devise a general method of solution. He was perhaps the first to assert 
that the equation has an infinitude of solutions whatever the value of the nonsquare 
integer d. Moreover, his effort to elicit purely integral solutions to both this and 
other problems was a watershed in number theory, breaking away as it did from the 
classical tradition of Diophantus’s Arithmetica. 


PROBLEMS 15.4 


1. If xo, yo is a positive solution of the equation x” — dy* = 1, prove that xo > yo. 
2. By the technique of successively substituting y = 1, 2,3,...intod y* + 1, determine the 
smallest positive solution of x? — dy? = 1 when d is 


10. 


11. 


12. 
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(a) 7. 
(b) 11. 
(c) 18. 
(d) 30. 
(e) 39. 


. Find all positive solutions of the following equations for which y < 250: 


(a) x* —2y? = 1. 
(b) x* —3y* = 1. 
(c) x7 — 5y* = 1. 


. Show that there is an infinitude of even integers n with the property that both n + 1 and 


n/2-+ 1 are perfect squares. Exhibit two such integers. 


. Indicate two positive solutions of each of the equations below: 


(a) x* — 23y* = 1. 
(b) x? — 26y? = 1. 
(c) x* — 33y* = 1. 


. Find the fundamental solutions of these equations: 


(a) x* — 29y? = 1. 
(b) x7 —41y? = 1. 
(c) x* — 74y? = 1. 
(Hint: 41 = [6;2, 2, 12] and /74 = [8;1, 1, 1, 1, 16].] 


. Exhibit a solution of each of the following equations: 


(a) x* — 13y? = —1. 
(b) x? — 29y? = —1. 
(c) x* —41y? = -1. 


. Establish that if xo, yo is a solution of the equation x* — dy* = —1, then x = 2dyé — 1, 


y = 2xoyo satisfies x* — dy? = 1. Brouncker used this fact in solving x* — 313y* = 1. 


. If d is divisible by a prime p = 3 (mod 4), show that the equation x* — dy* = —1 has 


no solution. 
If x1, y; is the fundamental solution of x* — dy? = 1 and 


Xn t nvd = (x1 + yi)" n=1,2,3,... 


prove that the pair of integers x,, y, can be calculated from the formulas 
l 
Xn = 5 lO +yivdy" + (x1 — y\Vd)"] 


1 
Yn = Wr ised + yd)" — (x1 — y:Vd)"] 


Verify that the integers x,, y, in the previous problem can be defined inductively either 
by 

Xn+1 = X1Xn + dy Yn 

Ynt1 =X1Yn + Xn 
forn = 1,2,3,..., or by 

Xnt+1 = 2x1Xn — Xn—1 

Ynat+1 = 2X1Yn — Yn-1 


Ce) ee ee errr 
Using the information that x; = 15, y; = 2 is the fundamental solution of x7 — 56y* = 1, 
determine two more positive solutions. 
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13. (a) Prove that whenever the equation x* — dy* = c is solvable, it has infinitely many 


solutions. 
(Hint: If u, v satisfy x* — dy? =c andr, s satisfy x* — dy* = 1, then 


(ur + dvs) —d(us tyr) = (u* — dv’)(r? — ds’) = c.] 


(b) Given that x = 16, y = 6 is a solution of x* — 7y* = 4, obtain two other positive 
solutions. 
(c) Given that x = 18, y = 3 is a solution of x* — 35y* = 9, obtain two other positive 
solutions. 
14. Apply the theory of this section to confirm that there exist infinitely many primitive 
Pythagorean triples x, y, z in which x and y are consecutive integers. 
(Hint: Note the identity (s* — t?) — 2st = (s — t)* — 2t?.] 
15. The Pell numbers p, and q, are defined by 
Po = 90 pi=l Pn = 2Pn—1 + Pn-2 n>2 
qo = 1 qiu=1 Gn = 24n—1 + Gn-2 n>2 
This gives us the two sequences 
0,1, 2,5, 12, 29, 70, 169, 408, ... 
113 Ty 1141 99,.239, 7 162i 


Ifa =1+/2 and B=1- /2, show that the Pell numbers can be expressed as 
pate a” — p” fe a” fi Be 


forn > 0. 
[Hint: Mimic the argument on page 296, noting that a and £ are roots of the equation 
5 ae ee, eee eer 0 
16. For the Pell numbers, derive the relations below, where n > 1: 
(a) Pon = 2PnQn- 
(b) Pa + Pn—1 = Qn- 
(c) 247 — don = (-1)". 
(d) Pn + Pati + Pns3 = 3 Pn+2- 
(e) q2 — 2p = (—1)"; hence, gn/ pn are the convergents of /2. 


CHAPTER 


SOME TWENTIETH-CENTURY 
DEVELOPMENTS 


As with everything else, so with a mathematical theory: beauty can be 
perceived, but not explained. 
ARTHUR CAYLEY 


16.1 HARDY, DICKSON, AND ERDOS 


The vitality of any field of mathematics is maintained only as long as its practitioners 
continue to ask (and to find answers to) interesting and worthwhile questions. Thus 
far, our study of number theory has shown how that process has worked from its 
classical beginnings to the present day. The reader has acquired a working knowledge 
of how number theory is developed and has seen that the field is still very much alive 
and growing. This brief closing chapter indicates several of the more promising 
directions that growth has taken in the 20th century. 

We begin by looking at some contributions of three prominent number the- 
orists from the past century, each from a different country: Godfrey H. Hardy, 
Leonard E. Dickson, and Paul Erdés. In considerably advancing our mathemati- 
cal knowledge, they are worthy successors to the great masters of the past. 

For more than a quarter of a century G. H. Hardy (1877-1947) dominated 
English mathematics through both the significance of his work and the force of 
his personality. Hardy entered Cambridge University in 1896 and joined its faculty 
in 1906 as a lecturer in mathematics, a position he continued to hold until 1919. 
Perhaps his greatest service to mathematics in this early period was his well-known 
book A Course in Pure Mathematics. England had had a great tradition in applied 
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Godfrey Harold Hardy 
(1877-1947) 


(Trinity College Library, Cambridge) 


mathematics, starting with Newton, but in 1900 pure mathematics was at a low ebb 
there. A Course in Pure Mathematics was designed to give the undergraduate student 
a rigorous exposition of the basic ideas of analysis. Running through numerous 
editions and translated into several languages, it transformed the trend of university 
teaching in mathematics. 

Hardy’s antiwar stand excited strong negative feelings at Cambridge, and in 
1919, he was only too ready to accept the Savilian chair in geometry at Oxford. He 
was succeeded on the Cambridge staff by John E. Littlewood. Eleven years later 
Hardy returned to Cambridge, where he remained until his retirement in 1942. 

Hardy’s name is inevitably linked with that of Littlewood, with whom he carried 
on the most prolonged (35 years), extensive, and fruitful partnership in the history of 
mathematics. They wrote nearly 100 papers together, the last appearing a year after 
Hardy’s death. It was often joked that there were only three great English mathemati- 
cians in those days: Hardy, Littlewood, and Hardy-Littlewood. (One mathematician, 
upon meeting Littlewood for the first time, exclaimed, “I thought that you were 
merely a name used by Hardy for those papers which he did not think were quite 
good enough to publish under his own name.) 

There are very few areas of number theory to which Hardy did not make a 
significant contribution. A major interest of his was Waring’s problem; that is, the 
question of representing an arbitrary positive integer as the sum of at most g(k) 
kth powers (see Section 13.3). The general theorem that g(x) is finite for all k was 
first proved by Hilbert in 1909 using an argument that shed no light on how many 
kth powers are needed. In a series of papers published during the 1920s, Hardy 
and Littlewood obtained upper bounds on G(k), defined to be the least number 
of kth powers required to represent all sufficiently large integers. They showed 
(1921) that G(k) < (k — 2)2*—! + 5 for all k, and, more particularly, that G(4) < 19, 
G(5) < 41, G(6) < 87, and G(7) < 193. Another of their results (1925) is that for 
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“almost all” positive integers g(4) < 15, whereas g(k) < (1/2k — 1)2*-! + 3 when 
k = 3 ork > 5. Because 79 = 4 - 2+ + 15 - 14 requires 19 fourth powers, g(4) > 19; 
this, together with the bound G(4) < 19 suggested that ¢(4) = 19 and raised the 
possibility that its actual value could be settled by computation. 

Another topic that drew the attention of the two collaborators was the classical 
three-primes problem: Can every odd integer n > 7 be written as the sum of three 
prime numbers? In 1922, Hardy and Littlewood proved that if certain hypotheses are 
made, then there exists a positive number N such that every odd integer n > N isa 
sum of three primes. They also found an approximate formula for the number of such 
representations of n. I. M. Vinogradov later obtained the Hardy-Littlewood conclu- 
sion without invoking their hypotheses. All the Hardy-Littlewood papers stimulated 
a vast amount of further research by many mathematicians. 

L. E. Dickson (1874-1954) was prominent among a small circle of those who 
greatly influenced the rapid development of American mathematics at the turn of 
the century. He received the first doctorate in mathematics from the newly founded 
University of Chicago in 1896, became an assistant professor there in 1900, and 
remained at Chicago until his retirement in 1939. 

Reflecting the abstract interests of his thesis advisor, the distinguished E. H. 
Moore, Dickson initially pursued the study of finite groups. By 1906, Dickson’s 
prodigious output had already reached 126 papers. He would jokingly remark that, 
although his honeymoon was a success, he managed to get only two research arti- 
cles written then. His monumental History of the Theory of Numbers (1919), which 
appeared in three volumes totaling more than 1600 pages, took 9 years to complete; 
by itself this would have been a life’s work for an ordinary man. One of the century’s 
most prolific mathematicians, Dickson wrote 267 papers and 18 books covering a 
broad range of topics in his field. An enduring bit of legend is his barb against appli- 
cable mathematics: “Thank God that number theory is unsullied by applications.” 
(Expressing much the same view, Hardy is reported to have made the toast: “Here’s to 
pure mathematics! May it never have any use.’”’) In recognition of his work, Dickson 
was the first recipient of the F. N. Cole Prize in algebra and number theory, awarded 
in 1928 by the American Mathematical Society. 

Dickson stated that he always wished to work in number theory, and that he wrote 
the History of the Theory of Numbers so he could know all that had been done on the 
subject. He was particularly interested in the existence of perfect numbers, abundant 
and deficient numbers, and Waring’s problem. A typical result of his investigations 
was to list (in 1914) all the odd abundant numbers less than 15,000. 

In a long series of papers beginning in 1927, Dickson gave an almost complete 
solution of the original form of Waring’s problem. His final result (in 1936) was 
that, for nearly all k, g(k) assumes the ideal value g(k) = 2" + [(3/2)*] — 2, as was 
conjectured by Euler in 1772. Dickson obtained a simple arithmetic condition on k 
for ensuring that the foregoing formula for g(k) held, and showed that the condition 
was Satisfied for k between 7 and 400. With the dramatic increase in computer 
power, it is now known that Euler’s conjecture for g(k) holds when k is between 2 
and 471600000. 

Paul Erdés (1913-1996), who is often described as one of the greatest modern 
mathematicians, is unique in mathematical folklore. The son of two high school 
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teachers of mathematics, his genius became apparent at a very early age. Erdés 
entered the University of Budapest when he was 17 and graduated 4 years later with 
a Ph.D. in mathematics. As a first year student in college, he published his first paper, 
which was a simple proof of Bertrand’s conjecture that for any n > 1 there is always 
a prime between n and 2n. 

After a 4-year fellowship at Manchester University, England, Erd6s adopted the 
lifestyle of a wandering scholar, a “Professor of the Universe.” He traveled the world 
constantly, often visiting as many as 15 universities and research centers in a month. 
(Where Gauss’ motto was “Few, but ripe,” Erdés took as his the words “Another roof, 
another proof.”) Although Erd6s never held a regular academic appointment, he had 
standing offers at several institutions where he could pause for short periods. In his 
total dedication to mathematical research, Erdés dispensed with the pleasures and 
possessions of daily life. He had neither property nor fixed address, carried no money 
and never cooked anything, not even boiled water for tea; a few close friends handled 
his financial affairs, including filing his income tax returns. A generous person, Erdés 
was apt to give away the small honoraria he picked up from his lectures, or used them 
to fund two scholarships that he set up for young mathematicians—one in Hungary 
and one in Israel. 

Erd6s’s work in number theory was always substantial, and frequently monu- 
mental. One feat was his demonstration (1938) that the sum of the reciprocals of 
the prime numbers is a divergent series. In 1949, he and Atle Selberg independently 
published “elementary” —though not easy—proofs of what is called the Prime Num- 
ber Theorem. (It asserts that 2(x) ¥ x/logx, where (x) is the number of primes 
p < x.) This veritable sensation among number theorists helped earn Selberg a Fields 
Medal (1950) and Erdés a Cole Prize (1952). Erdés received the prestigious Wolf 
Prize in 1983 for outstanding achievement in mathematics; of the $50,000 award he 
retained only $750 for himself. 

Erd6s published, either alone or jointly, more than 1200 papers. With over 300 
coauthors, he collaborated with more people than any other mathematician. As a spur 
to his collaborators, Erd6és attached monetary rewards to problems that he had been 
unable to solve. The rewards generally ranged from $10 to $10,000, depending on his 
assessment of the difficulty of the problem. The inducement to obtain a solution was 
not as much financial as prestigious, for there was a certain notoriety associated with 
owning a check bearing Erdés’s name. The following reflect the range of questions 
that he would have liked to have seen answered: 


1. Does there exist an odd integer that is not of the form 2 + n, with n square-free? 

2. Are there infinitely many primes p (such as p = 101) for which p — k! is com- 
posite whenever | < k! < p? 

3. Is it true that, for all k > 8, 2* cannot be written as the sum of distinct powers of 
3? [Note that 2° = 3° + 37 +341.] 

4. If p(n) is the largest prime factor of n, does the inequality p(n) > p(n + 1) > 
p(n + 2) have an infinite number of solutions? 

5. Given an infinite sequence of integers, the sum of whose reciprocals diverges, does 
the sequence contain arbitrarily long arithmetic progressions? ($3,000 offered for 
an answer) 
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Through a host of problems and conjectures such as these, Paul Erd6és stimulated 
two generations of number theorists. 

A word about a current trend: Computation has always been an important inves- 
tigative tool in number theory. Therefore it is not surprising that number theorists 
were among the first mathematicians to exploit the research potential of modern 
electronic computers. The general availability of computing machinery has given 
rise to a new branch of our discipline, called Computational Number Theory. Among 
its wide spectrum of activities, this subject is concerned with testing the primality of 
given integers, finding lower bounds for odd perfect numbers, discovering new pairs 
of twin primes and amicable numbers, and obtaining numerical solutions to cer- 
tain Diophantine equations (such as x* + 999 = y°). Another fruitful line of work 
is to verify special cases of conjectures, or to produce counterexamples to them; 
for instance, in regard to the conjecture that there exist pseudoprimes of the form 
2” — 2, acomputer search found the pseudoprime 2*°°/** — 2. The problem of fac- 
toring large composite numbers has been of continuing computational interest. The 
most dramatic result of this kind was the recent determination of a prime factor 
of the twenty-eighth Fermat number Fg, an integer having over 8 million decimal 
digits. Previously, it had been known only that Fg is composite. The extensive cal- 
culations produced the 22-digit factor 25709319373 - 2°© + 1. No doubt number- 
theoretic records will continue to fall with the development of new algorithms and 
equipment. 

Number theory has many examples of conjectures that are plausible, are sup- 
ported by seemingly overwhelming numerical evidence, and yet turn out to be false. 
In these instances, a direct computer search of many cases can be of assistance. 
One promising conjecture of long-standing was due to George Polya (1888-1985). 
In 1914, he surmised that for any n > 2, the number of positive integers up to n 
having an odd number of prime divisors is never smaller than the number having 
an even number of prime divisors. Let 4 be the Liouville function, defined by the 
equation A(n) = (—1)%, where the symbol Q(n) represents the total number of 
prime factors of n => 2 counted according to their multiplicity (A(1) = 1). With this 
notation, the Polya conjecture may be written as a claim that the function 


Ln) = 9° Ata) 
is never positive for any n > 2. Pélya’s own calculations confirmed this up to n = 
1500, and the conjecture was generally believed true for the next 40 years. In 1958, 
C. B. Haselgrove proved the conjecture false by showing that infinitely many integers 
n exist for which L(n) > 0. However, his method failed to furnish any specific n 
for which the conjecture is violated. Shortly thereafter (1960), R. S. Lehman called 
attention to the fact that 


L(9906180359) = 1 


The least value of n satisfying L(n) > O was discovered in 1980; it is 906150257. 
Another question that could not have been settled without the aid of computers is 
whether the string of digits 123456789 occurs somewhere in the decimal expansion 
for z. In 1991, when the value of 2 extended beyond one billion decimal digits, it 
was reported that the desired block appeared shortly after the half-billionth digit. 
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16.2 PRIMALITY TESTING AND FACTORIZATION 


In recent years, primality testing has become one of the most active areas of inves- 
tigation in number theory. The dramatic improvements in power and sophistication 
of computing equipment have rekindled interest in large-scale calculations, leading 
to the development of new algorithms for quickly recognizing primes and factoring 
composite integers; some of these procedures require so much computation that their 
implementation would have been infeasible a generation ago. Such algorithms are 
of importance to those in industry or government concerned with safeguarding the 
transmission of data; for various present-day cryptosystems are based on the inherent 
difficulty of factoring numbers with several hundred digits. This section describes a 
few of the more recent innovations in integer factorization and primality testing. The 
two computational problems really belong together, because to obtain a complete 
factorization of an integer into a product of primes we must be able to guarantee— 
or provide certainty beyond a reasonable doubt—that the factors involved in the 
representation are indeed primes. 

The problem of distinguishing prime numbers from composite numbers has 
occupied mathematicians through the centuries. In his Disquisitiones Arithmeticae, 
Gauss acclaimed it as “the most important and useful in arithmetic.” Given an integer 
n > 1, just how does one go about testing it for primality? The oldest and most direct 
method is trial division: check each integer from 2 up to ./n to see whether any is 
a factor of n. If one is found, then n is composite; if not, then we can be sure that 
n is prime. The main disadvantage to this approach is that, even with a computer 
capable of performing a million trial divisions every second, it may be so hopelessly 
time-consuming as to be impractical. It is not enough simply to have an algorithm 
for determining the prime or composite character of a reasonably large integer; what 
we really need is an efficient algorithm. 

The long-sought rapid test for determining whether a positive integer is prime 
was devised in 2002 by three Indian computer scientists (M. Agrawal, N. Kayal, 
and N. Saxena). Their surprisingly simple algorithm provides a definite answer in 
“polynomial time,” that is, in about d° steps where d is the number of binary digits 
of the given integer. 

In 1974, John Pollard proposed a method that is remarkably successful in finding 
moderate-sized factors (up to about 20 digits) of formerly intractable numbers. Con- 
sider a large odd integer n that is known to be composite. The first step in Pollard’s 
factorization method is to choose a fairly simple polynomial of degree at least 2 with 
integer coefficients, such as a quadratic polynomial 


f(x)=x*?+a aX#0,-2 


Then, starting with some initial value xo, a “random” sequence x1, x2, x3,... 1S 
created from the recursive relation 


Xk41 = F (xx) (mod n) k =0, 1, 2. sire 


that is, the successive iterates xj = f(X0),X2 = f(f(xo)), x%3 = f(f(f(o))), ... are 
computed modulo n. 
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Let d be a nontrivial divisor of n, where d is small compared with n. Because 
there are relatively few congruence classes modulo d (namely, d of them), there will 
probably exist integers x; and x; that lie in the same congruence class modulo d, 
but belong to different classes modulo n; in short, we will have x, = x; (mod d), 
and x, # x; (mod n). Because d divides x, — x; and n does not, it follows that 
gcd(x;, — x; ,n) 1s anontrivial divisor of n. In practice, a divisor d of n is not known 
in advance. But it can most likely be detected by keeping track of the integers x,, 
which we do know. Simply compare x, with earlier x;, calculating gcd(x;, — x; ,n) 
until a nontrivial greatest common divisor occurs. The divisor obtained in this way 
is not necessarily the smallest factor of n, and indeed it may not even be prime. The 
possibility exists that when a greatest common divisor greater than | is found, it may 
turn out to be equal to n itself; that is, x, = x; (mod 7). Although this happens only 
rarely, one remedy is to repeat the computation with either a new value of xo or a 
different polynomial f(x). 

A rather simple example is afforded by the integer n = 2189. If we choose 
xo = land f(x) = x? +1, the recursive sequence will be 


Nie Ze Xe = Sy. 5 = 26 TT: XS = 829 
Comparing different x;,, we find that 
gcd(x5 — x3, 2189) = gcd(803, 2189) = 11 


and so a divisor of 2189 is 11. 

As k increases, the task of computing gcd(x, — x; ,n) for each j < k becomes 
very time-consuming. We shall see that it is often more efficient to reduce the number 
of steps by looking at cases in which k = 27. Let d be some (as yet undiscovered) 
nontrivial divisor of n. If x, = x; (mod d), with j < k, then by the manner in which 
f(x) was selected 


Xjoi = f (xj) = f (xx) = Xe41 (mod d) 


It follows from this that, when the sequence {x;} is reduced modulo d, a block of 
k — j integers is repeated infinitely often. That is, ifr = s (modk — j), wherer > j 
and s > j, then x, = x; (mod d); and, in particular, x2, = x; (mod d) whenever tf is 
taken to be a multiple of k — 7 larger than /. It is reasonable therefore to expect that 
there will exist an integer k for which 1 < gcd(x2, — x, ,n) <n. The drawback in 
computing only one greatest common divisor for each value of k is that we may not 
detect the first time that gcd(x; — x; ,) is a nontrivial divisor of n. 
A specific example will make matters come to life. 


Example 16.1. To factor n = 30623 using this variant of Pollard’s method, let us take 
xo = 3 as the starting value and f(x) = x” — 1 as the polynomial. The sequence of 
integers that x, generates is 


8. 63. 3968. 4801. 21104. 28526, 18319. 18926.... 
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Making the comparison x2; with x;,, we get 
x2 —x,; = 63-8 =55 gcd(55,n) = 1 
x4 — X2 = 4801 — 63 = 4738 gcd(4738 ,n) = 1 
X6 — x3 = 28526 — 3968 = 24558 gcd(24558 ,n) = 1 
xg — x4 = 18926 — 4801 = 14125 gcd(14125 ,n) = 113 

The desired factorization is 30623 = 113 - 271. 

When the x, are reduced modulo 113, the new sequence 
8, 63, 13, 55, 86, 50, 13, 55,... 


is obtained. This sequence is ultimately periodic with the four integers 13, 55, 86, 50 
being repeated. It is also worth observing that because xg = x4 (mod 113), the length 
of the period is 8 — 4 = 4. The situation can be represented pictorially as 


X4=Xg=55 X5 =Xq = 86 
X3=X7= 13 
X6 =X19 = 50 
X7 = 63 
x] = 3 
xp =3 


Because the figure resembles the Greek letter o (rho), this factoring method is 
popularly known as Pollard’s rho-method. Pollard himself had called it the Monte 
Carlo method, in view of its random nature. 


A notable triumph of the rho-method is the factorization of the Fermat number 
Fg by Brent and Pollard in 1980. Previously Fg had been known to be composite, but 
its factors were undetermined. Using f(x) = x2" + 1 and xo = 3 in the algorithm, 
Brent and Pollard were able to find the prime factor 1238926361552897 of Fg in 
only 2 hours of computer time. Although they were unable to verify that the other 
62-digit factor was prime, H. C. Williams managed the feat shortly thereafter. 

Fermat’s theorem lies behind a second factorization scheme developed by 
John Pollard in 1974, known as the p — 1 method. Suppose that the odd composite 
integer n to be factored has an unknown prime divisor p with the property that 
p—1 is a product of relatively small primes. Let g be any integer such that 
(p — 1)|q. For instance, qg could be either k! or the least common multiple of the 
first k positive integers, where k is taken sufficiently large. Next choose an integer 
a, with 1 <a < p—1, and calculate a7 = m (mod n). Because g = (p — 1)/ for 
some /j, the Fermat congruence leads to 


m =a!‘ =(a’"') = 1/ = 1 (mod p) 


implying that p|(m— 1). This forces gcd(m —1,n) > 1, which gives rise to a 
nontrivial divisor of n as long as m € 1 (mod 7). 
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It is important to note that gcd(m — 1,7) can be calculated without knowing p. 
If it happens that gcd(m — 1,n) = 1, then one should go back and select a different 
value of a. The method might also fail if g is not taken to be large enough; that is, 
if p — 1 contains a large prime factor or a small prime occurring to a large power. 


Example 16.2. Let us obtain a nontrivial divisor of n = 2987 by taking a = 2 and 
gq = 7! in Pollard’s p — 1 method. To find 2” (mod 2987), we compute 


(((((2’)°)"?)°)" God 2987) 
the sequence of calculations being 
2* = 4 (mod 2987) 
4? = 64 (mod 2987) 
64* = 2224 (mod 2987) 
2224° = 1039 (mod 2987) 
1039° = 2227 (mod 2987) 
2227’ = 755 (mod 2987) 
Because gcd(754 , 2987) = 29, we have discovered that 29 is a divisor of 2987. 


The continued fraction factoring algorithm also played a prominent role during 
the mid-1970s. This iterative procedure was contained in Legendre’s Théorie des 
Nombres of 1798, but over the ensuing years fell into disuse owing to the drudgery of 
its complicated calculations. With the advent of electronic computers, there was no 
longer a practical reason for ignoring the method as the inhibiting computations could 
now be done quickly and accurately. Its first impressive success was the factorization 
of the 39-digit Fermat number F7, performed by Morrison and Brillhart in 1970 and 
published in 1975. 

Before considering this method, let us recall the notation of continued fractions. 
For a nonsquare positive integer n, the continued fraction expansion of ./n is 


Jn = [03 a1, a2, a3,...] 
where the integers a, are defined recursively by 


ag = [xo], Www 


An+1 = [Xe41], XkH1 = fork > 0 
Xk — Ak 
The kth convergent C; of /n is 
Cy = [03 41, d2,-.-, A] = Pe/ Qk 


The px; and g; can be calculated from the relations 
p2=9-1=9, p-r=q2=1 
and 
Pk = 4k Pk-1 1+ Pk-2 
Gk = AcQx—1 + 4-2 for k = 0 
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Now the values do, a, a2, ... are uSed to define integers s,; and t as follows: 
So =0,to = 1 
Ska = Ath — Sx, tea, = (n - S704) / th fork > 0 
The equation that we require appears in Theorem 15.12; namely, 
Pit — Ge = (—D te (k= 1) 
or, expressed as congruence modulo n, 
Py, = (-1)*& (mod n) 


The success of this factorization method depends on & being a perfect square for 
some even integer k, say t = y*. This would give us 


Des = y? (mod n) 


and a chance at a factorization of n. If py_; # ty (mod n), then gcd (px_1 + y,n) 
and gcd(px-1 — y,n) are nontrivial divisors of n; for n would divide the product of 
Pr-1 + y and pz—1 — y without dividing the factors. In the event that p,_; = +y 
(mod 7), we locate another square & and try again. 


Example 16.3. Let us factor 3427 using the continued fraction factorization method. 
Now + 3427 has the continued fraction expansion 
V/ 3427 = (58; 1, 1,5, 1,1, 1, 16, 12, ...] 


The results of calculating s;, t%, and p, are listed in tabular forms with some values of 
px reduced modulo 3427: 


k 0 1 2 3 4 =, 6 7 8 
a, 358 1 1 5 1 1 1 16 12 
Sk 0 45 23 Ze, 13 4] 43 iy 42 
tk 1 63 54 19 69 42 f & 7 9 
Pr S58 59 117 644 761 1405 2166 1791 3096 


The first ¢,, with an even subscript, that is a square, is tg. Thus, we consider the 
congruence 


p> = (—1)'tg (mod 3427) 
which is to say the congruence 
17917 = 3° (mod 3427) 
Here, it is determined that 
gcd(1791 + 3, 3427) = ged(1794 , 3427) = 23 
gcd(1791 — 3, 3427) = gced(1788 , 3427) = 149 
and so both 23 and 149 are factors of 3247. Indeed, 3427 = 23 - 149. 
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A square fz; does not necessarily lead to a nontrivial divisor of n. Taken = 1121, 
for example. From / 1121 = [33;2, 12, 1, 8,1, 1, ...], we obtain the table of values 


k 0 1 2 3 4 5 6 


a 33 2 12 1 8 1 1 


Sk 0 33 31 29 2] 29 1] 
tk 1 32 5 56 7 40 25 
Pk 33 67 837 904 8069 8973 17042 


Now fg iS a square. The associated congruence Be = (—1)°te (mod 1121) be- 
comes 


f 


89737 = 57 (mod 1121) 

But the Pee fails at this point to detect a nontrivial factor of 1121, for 
gcd(8973 + 5, 1121) = gcd(8978, 1121) = 1 

gcd(8973 — 5, 1121) = gcd(8968, 1121) = 1121 


When the factoring algorithm has not produced a square fp, after having gone 
through many values of k, there are ways to modify the procedure. One variation 
is to find a set of %’s whose product, with appropriate sign, is a square. Our next 
example illustrates this technique. 


Example 16.4. Consider the integer n = 2059. The table concerning the continued 
fraction expansion of / 2059 is 


k 0 1 2 3 4 5 6 7 8 
ak 45 p) 1 1 1 12 Z 1 17 
Sk 0 45 23 22 13 4] 43 17 42 
tk 1 34 45 35 54 7 30 59 5 


Pk 45 91 136 221 363 465 1293 1758 294 


In search of promising t,, we notice that fytg = 45 -5 = (3 - 5)’. The two associated 
congruences are 


p? =(-1)*h (mod 2059), p> = (—1)tg (mod 2059) 

expressed otherwise, 

917 = 45 (mod 2059), 1758* = 5 (mod 2059) 
Multiplying these together yields 

(91 - 1758)? = 157 (mod 2059) 

or, reduced modulo 2059, 14357 = 157 (mod 2059). This leads to 

gcd(1435 + 15, 2059) = gced(1450, 2059) = 29 
and a divisor 29 of 2059. The complete factorization is 2059 = 29 - 71. 
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Another modification of the algorithm is to factor n by looking at the continued 
fraction expansion of ,/mn, where m is often a prime or the product of the first few 
primes. This amounts to searching for integers x and y where x* = y” (mod mn) 
and then calculating gcd(x + y, mn) in the hope of producing a nontrivial divisor 
of n. 

As an example, let n = 713. Let us look at the integer 4278 = 6-713 with 
expansion / 4278 = [65;2,2,5,1,...]. A square f, arises almost immediately 
in the computations, since t2 = 49. Thus, we examine the congruence ps = 
(—1)?t2 (mod 4278), which is to say 


1317 = (-1)°7’ (mod 4278) 
It is seen that 
gcd(131 + 7, 4278) = gcd(138 , 4278) = gced(6- 23 ,6- 713) = 23 


which gives 23 as a factor of 713. Indeed, 713 = 23 - 31. 

This approach is essentially the one taken by Morrison and Brillhart in their 
landmark factorization of F7. From the first 1300000 of the %’s occuring in the 
expansion of ./257F7, some 2059 of them were completely factored in order to find 
a product that is a square. 

Toward the end of the 20th century, the quadratic sieve algorithm was the method 
of choice for factoring very large composite numbers—including the 129-digit RSA 
Challenge Number. It systematized the factor scheme published by Kraitchik in 
1926 (page 100). This earlier method was based on the observation that a composite 
number 7 can be factored whenever integers x and y satisfying 


x* = y’ (mod n) x #+y (mod n) 


can be found; for then gcd(x — y, n) and gcd(x + y, 7) are nontrivial divisors of n. 
Kraitchik produced the pair x and y by searching for a set of congruences 


x?=y,(modn) i=1,2,...,r 
where the product of the y; is a perfect square. It would follow that 
(x1X2-++X,)? = yiyo-+- yy = Cc? (mod n) 


giving a solution of the desired equation x” = y* (mod n) and, quite possibly, a 
factor of n. The drawback to this technique is that the determination of a promising 
set of y; 1S a trial and error process. 

In 1970, John Brillhart and Michael Morrison developed an efficient strategy for 
identifying congruences ee = y; (mod n) whose product yields a square. The first 
step is the selection of a factor base {—1, pi, P2,..-, pr} consisting of py = 2 and 
small odd primes p; such that n is a quadratic residue of each p;; that is, the value of 
the Legendre symbol (n/p; ) = 1. Usually, the factor base consists of all such primes 
up to some fixed bound. Next the quadratic polynomial 


f(x)=x?—n 


is evaluated for integral x “near” [./n], the largest integer less than ./n. More 
explicitly, take x = [./n], £1+[ /n], 42+ [/n], .... The factor base is tailored 
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to n so that each prime in it divides at least one value of f(x), with —1 included so 
as to allow negative values of f(x). 

We are interested only in those f(x) that factor completely within the primes of 
the factor base, all other values being excluded. 

If 


fx) =(—D’ pi pe---p® ko =Oorl =k; > Ofori =1,2,...,r 


then the factorization can be stored in an (r + 1)-component exponent vector defined 
by 
V(x) = (Ko, Jis Ja, +++ Jr) ji =k; (mod 2) fori = 1,2,...,7 


The components of the vector are either 0 or 1, depending on whether the prime 
p; occurs in f(x) to an even or an odd power. Notice that the exponent vector of 
a product of f(x)’s is the sum of their respective exponent vectors modulo 2. As 
soon as the number of exponent vectors found in this way exceeds the number of 
elements of the factor base, a linear dependency will occur among the vectors— 
although such a relation is often discovered earlier. In other words, there will exist 
a subset x1, X%2,...,X, for which 


V(x1) + v(x2) +--+ + (xs) = (0, 0, ---, 0) (mod 2) 


This means that the product of the corresponding f(x) is a perfect square, say y’, 
resulting in an expression of the form 


(x1xX2 +++ x5)° = f(x) f(x2)- ++ f(%s) = y* (mod n) 


There is a reasonable chance that (x;x2---x;) # +y (mod zn), in which event 
gcd(x1x2---xXs; — y,n) iS a nontrivial divisor of n. Otherwise, new linear depen- 
dencies are searched for until n is factored. 


Example 16.5. As an example of the quadratic sieve algorithm, let us take n = 9487. 
Here [./n] = 97. The factor base selected is {—1, 2, 3, 7, 11, 13, 17, 19, 29} consisting 
of —1 and the eight primes less than 30 for which 9487 is a quadratic residue. We exam- 
ine the quadratic polynomial f(x) = x* — 9487 forx =i+97 (i =0,+1,..., +16). 
Those values of f(x) that factor completely into primes from the factor base are listed 
in the table, along with the components of their exponent vectors. 


x f(x) eof 2 3 7 11 13 17 19 29 
81 —2926 = —2-7-11-19 1 1 0 1 1 0 0 1 0 
84 JA3 11 613.17 1 0 O 0 1 1 1 0 0 
85 —2262 = —2-3-13-29 1 1 1 0 0 1 0 0 1 
89 —1566 = —2-3°.29 1 1 1 0 0 0 0 0 1 
95 —462 = —-2-3-7-11 1 1 1 1 1 0 0 0 0 
97 18 S20 3413 1 1 1 0 0 1 0 0 0 
98 117 = 37 - 13 0 0 0 0 0 1 0 0 0 
100 513 = 37-19 0 0 1 0 0 0 0 1 0 
101 W142 BET AT 0 1 1 1 0 0 1 0 0 
103 MOO 23 1 0 1 1 0 1 0 1 0 0 
109 2394 =2.3%-7-19 0 1 0 1 0 0 0 1 0 
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Our table indicates that the exponent vectors for f(85), f(89), and (98) are 
linearly dependent modulo 2; that is, 


v(85) + v(89) + v(98) = (0, 0, ..., 0) (mod 2) 
The congruences corresponding to these vectors are 
f (85) = 852 = —2-3- 13 - 29 (mod 9487) 
f (89) = 89° = —2- 33 - 29 (mod 9487) 
f (98) = 987 = 3? - 13 (mod 9487) 
which, when multiplied together, produce 
(85 - 89 - 98)* = (2- 3° - 13 - 29)* (mod 9487) 
OT 
7413707 = 20358* (mod 9487) 


Unfortunately, 741370 = 20358 (mod 9487) and no nontrivial factorization of 9487 
will be achieved. 
A more fruitful choice is to employ the dependency relation 


v(81) + vQ5) + v(100) = (0, 0, ..., 0) (mod 2) 
This will lead us to the congruence 
(81-95 -100)* = (2-3*-7-11- 19) (mod 9487) 
or 
7695007 = 263347 (mod 9487) 
Reducing the values modulo 9487, we arrive at 
1053* = 7360 (mod 9487) 
with 1053 # 7360 (mod 9487). Then 
gcd(1053 + 7360 , 9487) = gcd(8413 , 9487) = 179 
and 9487 is factored as 9487 = 179 - 53. 


It is sometimes helpful to notice that once one value of x is found for which 
the prime p divides f(x), then every pth value is also divisible by p; this occurs 
because 


fx +kp)=(«+kpy —n =x? —n= f(x) (mod p) 


fork =0,+1, +2,.... The algorithm “sieves” the integers x much like the sieve of 
Eratosthenes for locating multiples of p. In the last example, for instance 7 divides 
f (81) as well as f(88), f(95), f(102), .... Obtaining values f(x) that factor over 
the factor base can be done by performing this sieving process for each of the primes 
in the base. 

Fermat’s theorem provides a way of recognizing most composite numbers. Sup- 
pose that the character of an odd integer n > 1 is to be determined. If a number a 
can be found with 1 < a < nanda”~! # 1 (mod n), then n is definitely composite. 
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This is known as the Fermat test for nonprimality. It is quite efficient—provided 
we know which a to choose—but has the shortcoming of giving no clue as to what 
the factors of n might be. On the other hand, what happens if the Fermat congru- 
ence a”-! = 1 (mod n) holds? Here, it is “quite likely” that n is prime, although 
we cannot be mathematically certain. The problem is that for a given value of a 
there exist infinitely many composite numbers n for which a”~! = 1 (mod n). These 
numbers 7 are called pseudoprimes with respect to the base a. To give a feel for 
their scarcity, note that below 10!° there are only 14882 pseudoprimes with respect 
to base 2, compared with 455052511 primes. Worse yet, there exist n that are pseu- 
doprime to every base, the so-called absolute pseudoprimes or Carmichael numbers. 
They are an extremely rare sort of number, although there are infinitely many of 
them. 

By imposing further restrictions on the base a in Fermat’s congruence a”! = 1 
(mod 7), it is possible to obtain a definite guarantee of the primality of n. Typical 
of the kind of result to be found is that known as Lucas’s Converse of Fermat’s 
Theorem. It was first given by the French number theorist Edouard Lucas in 1876 
and appears in his Théorie des Nombres (1891). 


Theorem 16.1 Lucas. If there exists an integer a such that a”~! = 1 (mod n) and 
a”—))/P & | (mod n) for all primes p dividing n — 1, then n is a prime. 
Proof. Leta have order k modulo n. According to Theorem 8.1, the condition a”~! = 
(mod n) implies that k |n — 1; say,n — 1 = kj for some j. If j > 1, then 7 will have 
a prime divisor q. Thus, there is an integer satisfying 7 = gh. As a result, 


a”®—Y/a — (ak) = 1" = 1 (modn) 
which contradicts our hypothesis. The implication of all this is that 7 = 1. But we 


already know that the order of a does not exceed ¢(n). Therefore, n — 1 =k < $(n) < 
n — 1, so that d(n) = n — 1, which goes to show that n — | is prime. 


We illustrate the theorem in a specific instance. 


Example 16.6. Let us take n = 997. Then, for the base a = 7, 77° = 1 (mod 997). 
Because n — 1 = 996 = 2” -3 - 83, we compute 


7996/2 — 7498 = —] (mod 997) 
7996/3 — 7332 = 304 (mod 997) 
7996/83 — 7!2 = 9 (mod 997) 


Taking Theorem 16.1 into account, 997 must be prime. 


Theorem 16.1 was improved in the late 1960s so that it is no longer necessary 
to find a single a for which all the hypotheses are satisfied. Instead, a suitable base 
is allowed for each prime factor of n — 1. The result merits being singled out, which 
we do as Theorem 16.2. 


Theorem 16.2. If for each prime p; dividing n — 1 there exists an integer a; such that 
a’! = | (mod n) but Ge + 1 (mod n), then n is prime. 
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Proof. Suppose that n — 1 = py py .. + p*, with the p; distinct primes. Also let h; be 


the order of a; modulo n. The combination of h; |n — 1 andh; J (n — 1)/p; implies 
that Dp, |; (the details are left to the reader). But for each i, we have h; | d(n), and 


therefore Pp," | d(n). This gives n — 1|(n), whence n is prime. 


To provide an example, let us return ton = 997. Knowing the prime divisors of 
n — 1 = 996 to be 2, 3, and 83, we find for the different bases 3, 5, and 7 that 


3996/83 — 312 — 40 (mod 997) 
5996/2 — 5498 — —] (mod 997) 
7996/3 — 7332 = 304 (mod 997) 


Using Theorem 16.2, we can conclude that 997 is a prime number. 

There can be rather serious difficulties in implementing the last two theorems, for 
they reduce the problem of proving the primality of n to that of finding the complete 
factorization of its predecessor n — 1. In many cases it is no easier to factor n — 1 
than it would have been to factor n. Moreover, a great many primes p may have to 
be tried to show that the second part of the hypothesis is satisfied. 

In 1914, Henry Pocklington showed that it is not necessary to know all the 
prime divisors of n — 1. A primality investigation of n can be carried out as soon 
as n — | is factored only up to the point where the size of its factored part exceeds 
that of its unfactored part. However, some of the time saved is offset by the auxiliary 
calculations needed to find certain greatest common divisors. 

Theorem 16.3. Letn — 1 = mj, wherem = pi De ... ps,m > /nandgcd(m, j) = 
1. If for each prime p; (1 <i <s) there exists an integer a; with a = | (mod n) 
(n—1)/p, 


and gcd(a; —1,n) =1, then n is prime. 

Proof. Our argument is similar to that employed in Theorem 16.2. Let p be any 
prime divisor of n and take h; to be the order of a; modulo p. Then h; | p — 1. 
From the congruence ae = 1 (mod p), we also get h; |m — 1. Now the hypoth- 
esis ged(a”0/ P’ 1 n)=1 indicates that es P' £1 (mod p), and therefore 
h; { (n —1)/p;. We infer that p;" |h;, which, in turn, leads us to p; | p — 1. Be- 
cause this holds for each i, m | p — 1. We end up with the contradiction that any prime 


divisor of n must be larger than m > ./n, thereby making n a prime. 


Comparing Theorem 16.3 with Theorem 16.2, we can see that the former the- 
orem requires that, for each prime divisor p of n — 1, a”~?/? — 1 should not be 
a multiple of n; whereas, the latter imposes the more stringent condition that this 
quantity should be relatively prime to n, but for fewer values of p. The most striking 
advantage of Theorem 16.3 over Theorem 16.2 is that it does not demand a complete 
factorization, only a partial factorization that is large enough. The main drawback is 
that we do not know in advance whether sufficiently many factors of n — 1 can be 
obtained to have a successful test. 

It might be illuminating to establish the primality of n = 997 once again, this 
time using Pocklington’s theorem to provide the evidence. Again n — 1 = 996 = 
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12 - 83, where 83 > /997. Thus, we need only select a suitable base for 83, say 
a = 2. Now 2?” = 1 (mod 997) and 


gcd(2”/83 — 1 997) = gcd(4095 , 997) = 1 


leading to the conclusion that 997 is prime. 

Fermat’s theorem allows us to determine whether a large odd integer n > 1 is 
composite without explicitly exhibiting a nontrivial divisor. There is another direct 
test for compositeness, which is called the Miller-Rabin test. One selects a random 
integer, uses it to perform this test, and announces that n is either definitely composite 
or that its nature is still undecided. The algorithm may be described as follows: First 
writen — 1 = 2’m, where m is odd. Next choose anumber 1 < a < n — 1 and form, 
modulo n, the sequence 


in which each term is the square of its predecessor. Then n is said to pass the test for 
this particular base a if the first occurrence of | either is the first term or is preceded 
by —1. 

The coming theorem indicates that an odd prime will pass the above test for 
all such bases a. To reveal the compositeness of an odd integer, it is enough to find 
a value of a for which the test fails. Any such a is said to be a witness for the 
compositeness of n. For each odd composite n, at least three fourths of the numbers 
a with 1 < a < n — 1 will be witnesses for n. 


Theorem 16.4. Let p be an odd prime and p — 1 = 2'm, with m odd andh > 1. Then 
any integer a (1 < a < p — 1) satisfies a” = 1 (mod p) or a” = —1 (mod p) for 
some j = 1,2,...,h—1. 


Proof. Assume that a has order k modulo p. By Theorem 8.1, k must divide p — 1 = 
2'm. When k is odd, Euclid’s lemma tells us that k | m; say, m = kr for some integer 
r. The result is that 


a™ = (a*)’ = 1" = 1 (mod p) 


Now, take k to be even. In this case it may be written as k = 2/+!d, where Jj > O and 
d is an odd integer. The relation 2/+!d|2"m yields j + 1 <h and d|m. Also, from 
the congruence a2’"'4 = 1 (mod p) we get a2’4 = +1 (mod p). Because a has order k, 
a”’4 = | (mod p) is not possible. In consequence, a“ = —1 (mod p). Now m = dt 
for an odd integer t. This leads immediately to 

q”’™ — (q*'4)' = (—1)' = —1 (mod p) 


which establishes the theorem. 


Before continuing, let us use Theorem 16.4 to test n = 2201 for compositeness. 
Now n — 1 = 2? - 275. Working modulo 2201, it turns out that 


9775 = 1582 2°50 — 187 71100 — 1954 97200 — 1582 
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and hence 2201 fails the Miller-Rabin test fora = 2. Thus, 2201 is correctly asserted 
to be composite, with 2 serving as a witness. 

It should be emphasized that surviving the test for a single value of a does 
not guarantee that 1 is prime. For example, if n = 2047 = 23 - 89, then n — 1 = 
2 - 1023. Computing yields 2'°*? = 1 (mod 2047), so that 2047 passes the test. 

The Miller-Rabin test is often called a probabilistic primality test, because 
it uses random input to detect most prime numbers. Suppose that we wish to 
decide whether a given odd integer n is prime. Choose k integers aj, a2, ..., ak 
independently at random, with 0 < a; <n. Ifn fails the Miller-Rabin test for some 
one of the a;, then n is immediately seen to be composite. Although passing the test 
for all a; 1s no actual guarantee of the primality of n, it might well make us strongly 
suspect that it is prime. In this situation n is commonly described as being a probable 
prime (something of a misnomer, because n is either a prime or it is not). It can be 
shown that the probability of a composite integer surviving a series of k Miller-Rabin 
tests 1s at most (3)*. With reasonable confidence in the correctness of the answer, 
we are able to declare that n is prime without any formal proof having been given. 
Modern computers make taking k = 100 in the random base procedure perfectly 
realistic, in which case the probability that n is actually prime is at least 1 — (4)!®. 

One consequence of the Miller-Rabin test was the determination (1999) that the 
repunit R499g1 1s a probable prime. 


PROBLEMS 16.2 


1. Use Pollard’s rho-method to factor the following integers: 
(a) 299. 
(b) 1003. 
(c) 8051. 
2. Find a nontrivial factor of 4087 by the rho-method employing the indicated xp and f(x): 
(a) x9 = 2, f(x) =x? —-1. 
(b) x9 = 3, fx) =x? +1. 
(c) x9 = 2, f(x) =x? +x4+-1. 
3. By applying Pollard’s p — 1 method, obtain a factorization of 
(a) 1711. 
(b) 4847. 
(c) 9943. 
4. Use the continued fraction factorization algorithm to factor each of the following integers: 
(a) 124] 
[Hint: /1241 = [35; 4,2,1,1...].] 
(b) 2173 
(c) 949 
[Hint: The integer ff; is a square. | 
(d) 7811 
[Hint: /7811 = [88; 2,1,1,1,2,1,1,2...] leads to tptg = 85*.] 
5. Factor 1189 by applying the continued fraction factorization algorithm to 7134 = 
6 - 1189. 
6. Use the quadratic sieve method to factor each of the following integers: 
(a) 8131 
[Hint: Take —1,2,3,5,7 as the factor base. ] 
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(b) 13199 
[Hint: Use the factor base —1,2,5,7,13,29.] 
(c) 17873 
[Hint: Use the factor base —1,2,7,11,23.] 
7. Use Lucas’s primality test to the base a to deduce that the integers below are prime: 
(a) 907, a = 2. 
(b) 1301, a = 2. 
(c) 1709, a = 3. 
8. Verify the primality of the following integers by means of Pocklington’s theorem: 
(a) 917. 


(b) 5023. 
(c) 7057. 

9. Show that Pocklington’s theorem leads to the following result of E. Proth (1878). Let 
n=k-2"+1, where k is odd and 1 <k < 2”: if a”~/* = —] (mod n) for some 


integer a, then n is prime. 
10. Use Proth’s result to establish the primality of the following: 
(a) 97=3-2 41. 
(b) 449 =7-2°+1. 
(c) 3329 = 13-25 +1. 
11. An odd composite integer that passes the Miller-Rabin test to the base a is said to be a 
strong pseudoprime to the base a. Confirm the assertions below: 
(a) The integer 2047 is not a strong pseudoprime to the base 3. 
(b) 25 is a strong pseudoprime to the base 7. 
(c) 65 is a Strong pseudoprime to the base 8, and to the base 18. 
(d) 341 is a pseudoprime, but not a strong pseudoprime to the base 2. 
12. Establish that there are infinitely many strong pseudoprimes to the base 2. 
[Hint: If n is a pseudoprime (base 2), show that M, = 2” — 1 is a strong pseudoprime to 
the base 2.] 
13. For any composite Fermat number F,, = 2” + 1, prove that F,, is a strong pseudoprime 
to the base 2. 


16.3 AN APPLICATION TO FACTORING: REMOTE 
COIN FLIPPING 


Suppose that two people, Alice and Bob, wish to flip a fair coin while they are 
conversing over the telephone. Each entertains a doubt: would the person flipping 
the coin possibly cheat, by telling the party who calls the outcome that they are 
wrong—no matter how the coin turns up? Without resorting to the services of trusted 
witnesses, can a procedure be set up that cannot be biased by either Alice or Bob? 

In 1982, Manuel Blum devised a number-theoretic scheme, a two-part protocol, 
which meets the specifications of a coin toss: that is, the probability of correctly 
guessing the outcome is 1/2. The game’s security against duplicity hinges on the 
difficulty of factoring integers that are the products of two large primes of roughly 
the same size. 

At a certain stage in Blum’s game, one of the players is required to solve the 
quadratic congruence x” = a (modn). A solution is said to be a square root of 
the integer a modulo n. When n = pq, with p and gq distinct odd primes, there 
are exactly four incongruent square roots of a modulo n. To see this, observe that 
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x? = a (mod n) admits a solution if and only if the two congruences 
x? =a (mod DP) and x* =a (mod q) 


are both solvable. The solutions of these two congruences—assuming they exist— 
split into two pairs +x; (mod p) and +x (mod q), which may be combined to form 
four sets of simultaneous congruences: 


x = x; (mod p) 
x = x2 (mod gq) 


x = —x, (mod p) 


x = —x2 (mod q) 
x =x, (mod p) 
x = —xX2 (mod q) 


x = —x, (mod p) 
x = x2 (mod q) 


We find four square roots of a modulo n when we solve these systems using the 
Chinese Remainder Theorem. Before going any further, we pause for an example. 
Example 16.7. Let us determine the solutions of the congruence 
x? = 324 (mod 391) 


where 391 = 17 - 23; in other words, find the four square roots of 324 modulo 391. 
Now 


x* = 324 = 1 (mod 17) and x? = 324 = 2 (mod 23) 
have respective solutions 
x = +1 (mod 17) and x = +5 (mod 23) 
We therefore obtain four pairs of simultaneous linear congruences: 


x = 1 (mod 17) 
x = —5 (mod 23) 


= —] (mod 17) 

= 5 (mod 23) 
x = 1 (mod 17) 
x =5 (mod 23) 


x = —1 (mod 17) 
= —5 (mod 23) 
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The solutions of the first two pairs of congruences are x = 18 (mod 391) and 

x = —18 (mod 391); the solutions of the last two pairs are x = 120 (mod 391) and 

= —120 (mod 391). Hence, the four square roots of 324 modulo 391 are x = +18, 
+120 (mod 391) or, using positive integers, 


x = 18, 120, 271, 373 (mod 391) 


We single out numbers of the form n = pq, where p = gq = 3 (mod 4) are 
distinct primes, by referring to them as Blum integers. For integers of this type, the 
work of finding square roots modulo n (as indicated in Example 16.7) is simplified 
by observing that the two solutions of x* = a (mod p) are given by 


x = +a?*/4 (mod p) 
This is seen from 


(tal TDA? = gPtD? = gD? .g =1-a =a (mod p) 


with a‘?—))/? = | (mod p) by Euler’s criterion. Take, as a particular instance, the 
congruence x* = 2 (mod 23). It admits the pair of solutions 


42°3+D/4 — +96 = +64 = +5 (mod 23) 


With this brief detour behind us, let us return to Blum’s protocol for handling 
long-distance coin flipping. It is assumed that each player has a telephone-linked 
computer for carrying out computations during the game. The procedure is: 


1. Alice begins by choosing two large primes p and q, both congruent to 3 modulo 
4. She announces only their product n = pq to Bob. 


2. Bob responds by randomly selecting an integer 0 < x <n with gcd(x,n) = 
1. He sends its square, a =x* (modn), to Alice. (This corresponds to the 
coin flip.) 

3. Knowing p andq, Alice calculates the four square roots x, —x, y, —y of a modulo 
n. She picks one of them to send to Bob. (That is, Alice calls the toss.) 


4. If Bob receives +x, he declares Alice to have guessed correctly. Otherwise, Bob 
wins; for he is able to factor n. (A winner is announced.) 


Notice that each of the parties knows a different secret during the course of the 
game. The prime factors of n are Alice’s concealed information, and Bob’s personal 
secret is his choice of the integer x. Alice has no way of knowing x, so that her 
guess at +x among the possible square roots of a is a real one, with a 50% chance 
of success: she cannot do better than toss a coin to make her selection. 

If Bob receives y or — y from Alice, then he possesses two different square roots 
of a modulo n. He will be able to convince Alice that she has guessed incorrectly 
by sending back to her the factors p and q of n. To do this, Bob simply needs to 
calculate gcd(x + y,n). The underlying idea is that the congruence 


x*=az=y*(modn) x #+y(modn) 
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leads to pq|(x + y)(x — y). This in turn implies that each prime divides either x + y 
or x — y, although both cannot divide the same factor. Thus gcd(x + y, n) is either 
p or g, and gcd(x — y,n) produces the other prime factor. 

On the other hand, if Bob is sent either x or —x, then he has learned nothing 
new and is unable to factor n in a reasonable length of time. His failure to do so is 
an admission that Alice has won the game. After the game is over, she can assure 
Bob that she used a Blum integer by providing its factors. Bob should check that the 
disclosed factors are indeed primes. 

We close with an example of Blum’s game using small prime numbers, although 
modern-day computers allow primes with a hundred or more digits. 


Example 16.8. Alice begins by choosing the primes p = 43 and g = 71 and telling 
Bob their product, 3053 = 43 - 71. He responds by randomly selecting 192 as his secret 
number; then Bob computes 


192” = 36864 = 228 (mod 3053) 


and sends back the value 228. 
To obtain the four square roots of 228 modulo 3053, Alice first solves the quadratic 
congruences 


x* = 228 = 13(mod43) and  x* = 228 = 15 (mod71) 
Because 43 = 71 = 3 (mod 4), their solutions turn out to be 
x = A136 = 413" = £20 (mod 43) 
x= $157 D/ = 415!8 = +21 (mod 71) 
respectively. Next Alice solves the four systems of linear congruences determined by 
x = +20 (mod 43) and x = +21 (mod 71). From the Chinese Remainder Theorem, 


she finds that x = +192 (mod 3053) or x = +1399 (mod 3053); expressed as positive 
numbers, 


x = 192, 2861, 1399, 1654 (mod 3053) 


Of these four numbers, two are equivalent modulo 3053 to Bob’s secret number 
and the other two are not. Although Alice has an even chance of picking a “correct” 
number, let us suppose that she makes a non-winning choice by guessing at 1399. This 
means that Bob has won the toss, but Alice prudently challenges him to prove it. So 
Bob determines the factorization of 3053 by calculating. 


gcd(192 + 1399 , 3053) = ged(1591 , 3053) = 43 
gcd(192 — 1399 , 3053) = ged(—1207 , 3053) = 71 


He sends these factors to Alice to confirm that she has chosen incorrectly. 


PROBLEMS 16.3 
1. Determine whether 12 has a square root modulo 85; that is, whether x7 = 12 (mod 85) is 
solvable. 
2. Find the four incongruent solutions of each of the quadratic congruences below: 
(a) x* = 15 (mod 77). 
(b) x* = 100 (mod 209). 
(c) x* = 58 (mod 69). 
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3. Carry out the details of a long-distance coin toss in which Alice selects p = 23, g = 31 
and Bob chooses x = 73. 
4. Fora coin toss over a phone line, Alice selects p = 47, g = 79 and Bob chooses x = 123. 
Of the four numbers Alice then calculates, which two represent losing calls? 
5. Here is another procedure for tossing coins electronically: 
(a) Alice and Bob agree on a prime number p such that p — 1 contains at least one large 
prime factor. 
(b) Bob chooses two primitive roots r and s of p. He sends the two roots to Alice. 
(c) Alice now picks an integer x, where gcd(x, p — 1) = 1. She returns to Bob one of the 
values y = r* (mod p) and y = s* (mod p). (This corresponds to the coin toss.) 
(d) Bob “calls the toss” by guessing whether r or s was used to calculate y. 
Work through the details of a coin toss where p = 173,r = 2,5 = 3, and x = 42. 


16.4 THE PRIME NUMBER THEOREM AND ZETA FUNCTION 


Although the sequence of prime numbers exhibits great irregularities of detail, a 
trend is definitely apparent “in the large.” The celebrated Prime Number Theorem 
allows us to predict, at least in gross terms, how many primes there are less than a 
given number. It states that if the number is 1, then there are about n divided by logn 
(here, logn denotes the natural logarithm of 1) primes before it. Thus, the Prime 
Number Theorem tells us how the primes are distributed “in the large,’ or “on the 
average,’ or “in a probability sense.” 

One measure of the distribution of primes is the function (x), which, for any 
real number x, represents the number of primes that do not exceed x; in symbols, 
ro) =>. p<x 1. In Chapter 3, we proved that there are infinitely many primes, 
which is simply an expression of the fact that lim,_,.. 7(x) = oo. Going in the other 
direction, it is clear that the prime numbers become on the average more widely 
spaced in the higher parts of any table of primes; in informal terms, one might say 
that almost all of the positive integers are composite. 

By way of justifying our last assertion, let us show that the limit 
lim,-5 99 1(x)/x = 0. Because m(x)/x > O for all x > 0, the problem is reduced 
to proving that m(x)/x can be made arbitrarily small by choosing x sufficiently 
large. In more precise terms, what we shall prove is that if € > 01s any number, then 
there must exist some positive integer N such that w(x)/x < € whenever x > N. 

To start, let n be a positive integer and use Bertrand’s conjecture to pick a 
prime p with 2”~! < p < 2”. Then p|(2")!, but p J (2”—')!, so that the binomial 
coefficient (¥,_,) is divisible by p. This leads to the inequalities 


n 2 a ny\_ n— 
22" > (2) > I] part yet? ') 
Ql eps? 


and, upon taking the exponents of 2 on each side, the subsequent inequality 


n 


(1) 


n n—1 2 
m(2°)—- m2") < 
n—1| 
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If we successively set n = 2k, 2k — 1, 2k — 2,...,3 in inequality (1) and add 
the resulting inequalities, we get 


r 


2k 
OO) = 
r=3 


r—1 


But (27) < 2? trivially, so that 


a RD kor 2k or 
2 — 
me er rit 2a 


In the last two sums, let us replace the denominators r — 1 by 1 and k, respectively, 
to arrive at 


k 2k or D2k+1 
n(@*y< r+ >> "as DN ae Sa 
r=2 r=k+1 


Because k < 2°, we have 2'+! < 27*+!/k for k > 2, and therefore 
92k+1 92k 
(27*) a) ( ; — <4 (=) 
k k 


m(2**) 4 

52k ae k (2) 
With this inequality available, our argument proceeds rapidly to its conclusion. Given 
any real number x > 4, there exists a unique integer k satisfying 2**-? < x < 27*, 


From inequality (2), it follows that 
m(x) m(27*) = (27k) 2) 16 
< = 4 < — 


x x 92k-2 92k k 


which can be written as 


If we now take x > N = 27(!6/eI+) then k > [16/e] + 1; hence, 
(x) 16 
a ee a 
x (ieee D 


as desired. 
A well-known conjecture of Hardy and Littlewood, dating from 1923, is that 


u(x + y) < a(x) + 2(y) 


for all integers x, y with 2 < y < x. Written as w(x + y) — 2(y) < 2(Q), the in- 
equality asserts that no interval y< k < x+y of length x can contain as many 
prime numbers as there are in the interval 0 < k < x. Although the conjecture has 
been checked for x + y < 100000, it appears likely that there will be exceptions 
which, even though rare, will prove the conjecture false. The computations simply 
have not gone far enough to produce the first counterexample. Curiously, there is no 
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counterexample when x = y, because it has been shown (1975) that the inequality 
m(2x) < 27(x) holds for all x > 11. 
It was Euler (probably about 1740) who introduced into analysis the zeta function 


CO 
1 
= 3, | ae 375 ae 
¢(s) d = +27 +3 + 
the function on whose properties the proof of the Prime Number Theorem ultimately 
depended. Euler’s fundamental contribution to the subject is the formula representing 
¢(s) as a convergent infinite product; namely, 


= 
“)=[](1- 5) s>1 


p 


where p runs through all primes. Its importance arises from the fact that it asserts 
equality of two expressions of which one contains the primes explicitly and the other 
does not. Euler considered ¢(s) as a function of a real variable only, but his formula 
nonetheless indicates the existence of a deep-lying connection between the theory 
of primes and the analytic properties of the zeta function. 

Euler’s expression for ¢(s) results from expanding each of the factors in the 
right-hand member as 


-1+44(4)+(4)+ 
bee ip p° p° p’ 


and observing that their product is the sum of all terms of the form 


1 
ki ok k; 
(Py Py ++ Pr’) 
where pj,..., Py are distinct primes. Because every positive integer n can be written 


uniquely as a product of prime powers, each term 1/n* appears once and only once 
in this sum; that is, the sum simply is )>*~., 1/n’°. 

It turns out that Euler’s formula for the zeta function leads to a deceptively short 
proof of the infinitude of primes: the occurrence of a finite product on the right-hand 
side would contradict the fact that lim,_,; ¢(s) = oo. 

A problem that continues to attract interest concerns the value of ¢(n) when n > 
1 is an integer. Euler showed during the 1730s that ¢(2n) is a rational multiple of 
mz", which makes it an irrational number: 


¢(2) = 2/6, €(4) = 17/90, £(6) = 1°/945, £(8) = 2°/9450, ... 


The question remains unsettled for odd integers. Only in 1978 did the French mathe- 
matician Roger Apéry establish that ¢ (3) is irrational; although the proof was hailed 
as “miraculous and magnificent” when it first appeared, it did not extend in any 
obvious way to ¢(2n + 1) forn > 1. However, in 2000 it was proved that infinitely 
many such values are irrational. 

Legendre was the first to make any significant conjecture about functions that 
give a good approximation to z(x) for large values of x. In his book Essai sur la 
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Théorie des Nombres (1798), Legendre ventured that 2 (x) is approximately equal 
to the function 


Xx 
log x — 1.08366 


By compiling extensive tables on how the primes distribute themselves in blocks 
of 1000 consecutive integers, Gauss reached the conclusion that (x) increases at 
roughly the same rate as each of the functions x / log x and 


Xx 
Lic | ay 
2 logu 
with the logarithmic integral Li(x) providing a much closer numerical approxima- 
tion. Gauss’s observations were communicated in a letter to the noted astronomer 
Johann Encke in 1849, and first published in 1863, but appear to have begun as 
early as 1791 when Gauss was 14 years old—well before Legendre’s treatise was 


written. 
It is interesting to compare these remarks with the evidence of the tables: 


x x (x) 
x (x) log x — 1.08366 log x Li(x) (x / log x) 
1000 168 172 145 178 1.159 
10,000 1,229 1,231 1086 1246 1.132 
100,000 9,592 9,588 8,686 9,630 1.104 
1,000,000 78,498 78,543 72,382 78,628 1.084 
10,000,000 664,579 665,140 620,420 664,918 1.071 
100,000,000 5,761,455 5,768,004 5,428,681 5,762,209 1.061 


The first demonstrable progress toward comparing z (x) with x / log x was made 
by the Russian mathematician P. L. Tchebycheff. In 1850, he proved that there exist 
positive constants a and b,a < 1 < b, such that 


x x 
a ( ) <m(x) <b ( } 
logx log x 


for sufficiently large x. Tchebycheff also showed that if the quotient m(x)/(x/ log x) 
has a limit as x increases, then its value must be 1. Tchebycheff’s work, fine as it 
is, is a record of failure: What he could not establish is that the foregoing limit does 
in fact exist, and, because he failed to do this, he failed to prove the Prime Number 
Theorem. It was not until some 45 years later that the final gap was filled. 

We might observe at this point that Tchebycheff’s result implies that the series 
>» p |/p, extended over all primes, diverges. To see this, let p, be the nth prime, so 
that 2 (p,) = n. Because we have 


5 
m(x)>a ( ) 
logx 
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for sufficiently large x, it follows that the inequality 


n= (pn) > a( ) > vim 


Pn 
log Pn 
holds if n is taken sufficiently large. But n* > p, leads to log p, < 2logn, and 
therefore we get 


apn < nlog pn, < 2nlogn 


when n is large. In consequence, the series )>°°., 1/pn will diverge in comparison 
with the known divergent series }-~.,(1/n logn). 

A result similar to the previous one holds for primes in arithmetic progressions. 
We know that if gcd(a , b) = 1, then there are infinitely many primes of the form 
p =an + BD. Dirichlet proved that the sum of 1/p, taken over such primes, diverges. 
For instance, it applies to 4n + 1 primes: 


S 2acee be ees 
page: ee Is To 


is a divergent series. 

A dramatic change takes place when the primes are allowed to run over just 
the twin primes. In 1919, the Norwegian mathematician Viggo Brun showed that 
the series formed by the reciprocals of the twin primes converges. The twin primes 
(even if there are infinitely many of them) are “sufficiently scarce” in the sequence 
of all primes to cause convergence. 


The sum 
b= eee oF ae i ae er 
Ne 5 = 11 13 
which is called Brun’s constant, is estimated to be 1.9021604 + 5 - 107’. Notice that 
the prime 5 appears in the two twin pairs 3,5 and 5,7; no other prime number enjoys 
this property. 
Let 72(x) denote the number of prime pairs not exceeding x; that is, the number 


of primes p for which p + 2 < x is also a prime. A famous conjecture (1923) of 
Hardy and Littlewood is that zr2(x) increases much like the function 


* du 
(log u)? 


where C = 0.661618158... is known as the twin-prime constant. The next table 
gives some idea how closely m2 is approximated by L2(x). 

The radically new ideas that were to furnish the Key to a proof of the Prime Num- 
ber Theorem were introduced by Bernhard Riemann in his epoch-making memoir 
Uber die Anzahl der Primzahlen unter einer gegebenen Grosse of 1859 (his only 
paper on the theory of numbers). Where Euler had restricted the zeta function ¢(s) 
to real values of s, Riemann recognized the connection between the distribution of 


Eo(x) = 2C 
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primes and the behavior of ¢(s) as a function of a complex variable s = a + bi. He 
enunciated a number of properties of the zeta function, together with a remarkable 
identity, known as Riemann’s explicit formula, relating 2 (x) to the zeros of ¢(s) in 
the s-plane. The result has caught the imagination of most mathematicians because it 
iS SO unexpected, connecting two seemingly unrelated areas in mathematics; namely, 
number theory, which is the study of the discrete, and complex analysis, which deals 
with continuous processes. 


x 72(x) L(x) — m2(x) 
103 35 11 
107 205 9 
10° 1,224 25 
10° 8,169 79 
10’ 58,980 —226 
10° 440,312 56 
10° 3,424,506 802 
10!° 27,412,679 —1262 
10!! 224,376,048 —7183 


In his memoir, Riemann made a number of conjectures concerning the distri- 
bution of the zeros of the zeta function. The most famous is the so-called Riemann 
hypothesis which asserts that all the nonreal zeros of ¢(s) are at points , + bi 
of the complex plane; that is, they lie on the “critical line” Re(s) = 7 In 1914, 
G. H. Hardy provided the first concrete result by proving that there are infinitely 
many zeros of ¢(s) on the critical line. A series of large computations has been 
made, culminating in the recent verification that the Riemann hypothesis holds for 
all of the first (1.5)10!° zeros, an effort that involved over a thousand hours on 
a modern supercomputer. This famous conjecture has never been proved or dis- 
proved, and it is undoubtedly the most important unsolved problem in mathematics 
today. 

Riemann’s investigations were exploited by Jacques Hadamard and Charles 
de la Vallée Poussin who, in 1896, independently of each other and almost 
simultaneously, succeeded in proving that 


(x) 
im ——— = 
x>00 x/logx 
The result expressed in this formula has since become known as the Prime Number 
Theorem. De la Vallée Poussin went considerably further in his research. He showed 
that, for sufficiently large values of x, a(x) is more accurately represented by the 
logarithmic integral Li(x) than by the function 
x 
logx —A 


no matter what value is assigned to the constant A, and that the most favorable 
choice of A in Legendre’s function is 1. This is at variance with Legendre’s original 
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contention that A = 1.08366, but his estimate (based on tables extending only as 
far as x = 400000) had long been recognized as having little more than historical 
interest. 

Today a good deal more is known about the relationship between mz(x) and 
Li(x). We shall only mention a theorem of Littlewood to the effect that the difference 
(x) — Li(x) assumes both positive and negative values infinitely often as x runs 
over all positive integers. Littlhewood’s result is a pure “existence theorem” and no 
numerical value for x for which 2(x) — Li(x) is positive has ever been found. It is 
a curious fact that an upper bound on the size of the first x satisfying r(x) > Li(x) 
is available; such an x must occur someplace before 


oe 


1034 
e wij! 


a number of incomprehensible magnitude. Hardy contended that it was the largest 
number that ever had a practical purpose. This upper limit, obtained by S. Skewes in 
1933, has gone into the literature under the name of the Skewes number. Somewhat 
later (1955), Skewes decreased the top exponent in his number from 34 to 3. In 1997, 
this bound was reduced considerably when it was proved that there are more than 
107!! successive integers x in the vicinity of (1.398) 10°!° for which (x) > Li(x). 
However, an explicit numerical value of x is still beyond the reach of any computer. 
What is perhaps remarkable is that (x) < Li(x) for all x at which (x) has been 
calculated exactly, that is, for all x in the range x < 2 - 10!*. Some values are given 
in the table: 


x (x) Lix) — a(x) 
10° 50,847,543 1701 

10! 455,052,511 3104 

10!! 4,118,054,813 11,588 
10!2 37,607,912,018 38,263 
10/3 346,065,536,839 108,971 
10/4 3,204,941,750,802 314,890 
10) 29,844,570,422,669 1,052,619 
10/6 279 238,34 1,033,925 3,214,632 
10!” 2,623,557, 157,654,233 7,956,589 
10!8 24,739,954,287,740,860 21,949,555 


Although this table gives the impression that Li(x) — 2 (x) is always positive and 
gets larger as x increases, negative values will eventually overwhelm the positive 
ones. 

A useful sidelight to the Prime Number Theorem deserves our attention; to wit, 


nlogn 


at | 


n> Oo Ph 


For, starting with the relation 
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we may take logarithms and use the fact that the logarithmic function is continuous 
to obtain 


lim [log z(x) + log(log x) — log x] = 0 
or equivalently, 


log m(x) .  log(log x) 
lim =1— lm —— 
x00 log x X— 0O log X 


But lim,_, ~ log(log x)/ log x = 0, which leads to 
l 
(ae aa 
X00 log x 


We then get 


] 
b= kim we 8% 


x00 xX 


_ m(x)logmr(x) log x 
lim ——————— - 
X00 x log 1 (x) 
_ m(x)logm(x) 
= in ————— 
x—>0Oo 5 8 
Setting x = p,, so that z(p,) = n, the result 
. niogn 
lim 


n> Oo Ph 


=) 5 


follows. This may be interpreted as asserting that if there are n primes in an interval, 
then the length of the interval is roughly n logn. 

Until recent times, the opinion prevailed that the Prime Number Theorem could 
not be proved without the help of the properties of the zeta function, and without 
recourse to complex function theory. It came as a great surprise when in 1949 the 
Norwegian mathematician Atle Selberg discovered a purely arithmetical proof. His 
paper An Elementary Proof of the Prime Number Theorem is “elementary” in the 
technical sense of avoiding the methods of modern analysis; indeed, its content is 
exceedingly difficult. Selberg was awarded a Fields Medal at the 1950 International 
Congress of Mathematicians for his work in this area. The Fields Medal is considered 
to be the equivalent in mathematics of a Nobel Prize. (The thought that mathematics 
should be included in his areas of recognition seems never to have occurred to Alfred 
Nobel.) Presented every 4 years to a person under forty, the medal is the mathematical 
community’s most distinguished award. 


It will be another million years, at least, before we understand the primes. 
PAUL ERDOS 


CMADAMS 


10. 


11. 


MISCELLANEOUS PROBLEMS 


The positive integers stand there, a continual and inevitable challenge to the 
curiosity of every healthy mind. 
G. H. Harpy 


. Use induction to establish the following: 


Oho 54o- sen ae eee 


A 
Oe ate ne 
1-5 5-9 (4n—3)(4n+1) 4n41 
1 1 
(C) a en. 
V2 V3 Jn 
. Prove that 

n> nn 
3 2 6 


is an integer forn > 1. 


. Ifn > 1, establish the divisibility assertions below: 


(a) 7 | q3ntl te A3n+1 ed: 
(b) 133 | 117+? 4+ 12%" 
(c) 11 | 35n fs A5n+2 ze Ssatl. 


. Verify that gcd(n! + 1,(n+1)!+1) = 1. 
. For all > 1, prove that 8 - 27° + 1 is composite. 
. Find all primes p for which 29p + 1 is a perfect square. 


If n* + 2 is prime, show that 3 | n. 


. Show that if p > 3 and g = p+ 2 are twin primes, then pg = —1 (mod 9). 
. Prove the following: 


(a) If7|a> +b? +c?, then7|aor7|bor7\|c. 

(b) 9J(n — 17 +n? +(n + 1) for all n > 1. 

For positive integers n and m, establish that 3” + 3” + 1 is never a perfect square. 
[Hint: Work modulo 8.] 

Find the smallest positive value of n for which 

(a) Equation 301x + 77y = 2000 + 7 has a solution. 

(b) Equation 5x + 7y =n has exactly three positive solutions. 
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26. 


27. 


28. 


29. 


30. 


31. 


32. 


33: 


34. 


35. 
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For n > 1, let 2” and 2”*! be written in decimal form. If N is the number formed by 
placing these decimal representations side by side, show that 3 | N. For example, when 
n = 6, we have 3 | 64128 and 3 | 12864. 


. For what digits X is 242628X91715131 divisible by 3? 
. Find the last digit of 1999! and the last two digits of 3*°7!. 
. The three children in a family have feet that are 5, 7, and 9 inches long. Each child 


measures the length of the dining room in their housing using their feet, and each finds 
that there are 3 inches left over. How long is the dining room? 


. In the sequence of triangular numbers, suppose that 


Lb Gist ind) =e 


Determine k as a function of n. 


. Prove that a repunit prime R,, cannot be expressed as the sum of two squares. 
. Find the remainder when 70!/18 is divided by 71. 
. State and prove the general result illustrated by 


4* = 16 34° = 1156 3347 — 111556 33347 = 11115556,... 


. If p is a prime, show that p | (t(p)@(p) + 2) and p|(t(p)o(p) — 2). 
. Establish the formula }7,,,, u(d)2°/ = | w(n)|. 

. Prove that n is an even integer if and only if >|, in P(A) L(A) = 0. 

. If t(m) 1s divisible by an odd prime, show that p(n) = 0. 

. Determine whether 97 divides n* — 85 for some choice of n > 1. 

. Find all integers n that satisfy the equation 


(n—1P +r° +1419 =(n+2/ 


[Hint: Work with the equation obtained by replacing n by k + 4.] 
Prove that the Fermat numbers are such that 


Fy, + Frai = 1 (mod 7) 


Verify that 6 is the only square-free even perfect number. 

Given any four consecutive positive integers, show that at least one cannot be written as 
the sum of two squares. 

Prove that the terms of the Lucas sequence satisfy the congruence 


2" Lyn = 2 (mod 10) 


Show that there are infinitely many Fibonacci numbers that are divisible by 5, but no 
Lucas numbers. 
For the Fibonacci numbers, establish that 18 divides 


Un+i1 + Un+7 + 8Un45 + Un+3 + 2Un n> 1 


Prove that there exist infinitely many positive integers n such that n and 3n — 2 are per- 
fect squares. 
If n = 5 (mod 10), show that 11 divides the sum 


12” +97 + 8” + 6” 


Establish the following: 

(a) 7 divides no number of the form 2” + 1,n > 0. 

(b) 7 divides infinitely many numbers of the form 10” + 3,n > 0. 

For n = +4 (mod 9), show that the equation n = a? + b? +c? has no integer solution. 


40. 


41. 


42. 


43. 


44. 


45. 
46. 


47. 


48. 


49. 


50. 
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. Prove that if the odd prime p divides a* + b*, where gcd(a , b) = 1, then p = 1 (mod 4). 
. Find an integer n for which the product 9999 - n is a repunit. 


[Hint: Work with the equation 9999 -n = Ra,.] 


. Verify that 10 is the only triangular number that can be written as the sum of two 


consecutive odd squares. 


. Determine whether there exists a Euclidean number 


pela 2 35s sep el 


that is a perfect square. 

Consider a prime p = 1 (mod 60). Show that there exist positive integers a and b with 
p =a* +)’, where 3 divides a or b and 5 divides a or b. 

Prove that the sum 


299 Ft 2999 > 29999 ees ai O99 99999 


is divisible by 12. 

Use Pell’s equation to show that there are infinitely many integers that are simultaneously 
triangular numbers and perfect squares. 

Givenn > Q, show that there exist infinitely many k for which the integer (2k + 1)2” + 1 
1S prime. 

Show that each term of the sequence 


16, 1156, 111556, 11115556, 1111155556.... 


is a perfect square. 

Find all primes of the form p* + 2”, where p is a prime. 

The primes 37,67,73,79.... are of the form p = 36ab + 6a — 6b+ 1, witha > 1, b> 
1. Show that no pair of twin primes can contain a prime of this form. 

Prove that n! is not a perfect square for n > 1. 

[Hint: Use Bertrand’s conjecture. | 

A near-repunit is an integer ; R, that has n — 1 digits equal to 1, and a 0 in the k + 1’st 
place from the right; that is, 


Rn = Ry_p_10**! + Ry = 111---11011---111 


Show that if gcd(n — 1, 3k) > 1, then; R, is composite. 

Let p1, P2,.--, Pn be the first n primes in the natural order. Show that there are at least 
two new primes in the interval p, < x < pi po-::pn+1forn > 2. 

Verify that there exist no primes p and gq that satisfy the condition p* = 10% — 999. 
[Hint: Work modulo 7.] 
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TABLES 


TABLE 1 


The least primitive root r of each prime p, where 2 = p < 1000. 


efelle |e iio [eto | eo | ei 
283 3 467 


p 
661 


2 1 3 2 2 2 
3 Z 2 2 479 13 673 5 3 
5 2 3 3 677 2 2 
7 3 2 2 683 5 5 
11 Z 2 7. 691 3 Z 
13 2 6 5 701 2 17 
17 3 >) 2 709 2 7 
19 2 2 3 719 11 3 
23 5 5 2 Ae 5 5 
29 2 Z 2 733 6 2 
31 3 Z Z 739 3 Z 
37 2 2 2 743 5 3 
41 6 9 2 751 3 5 
43 3 >) 3 757 P 6 
47 5 2 3 761 6 3 
53 2 3 5 769 11 5 
59 2 2 2 oe ie, 2 6 
61 | 2 3 3 787 2 7 
71 7 6 7 809 3 
Ys, 5 3 Z 3 811 3 
79 e) i 2 Z 821 2 
83 2 a 7 3 823 3 
89 3 6 5 2 827 2 
97 5 3 15 3 829 2 
101 2 5 2 3 839 1 
103 5 2 3 11 853 2 
107 2 6 13 5 857 3 
109 6 5 2 2 859 2 
113 3 3 3 2 863 5 
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TABLE 2 


The smallest prime factor of each odd integer n, 3 = n = 4999, not divisible by 5; a dash in the 
table indicates that n is itself prime. 


1 101 — 201 3 301 7 401 — 
a 103 — 203 7 303 3 403 13 
a 107 — 207 3 307 — 407. 11 
9 3 109 —_— 209 11 309 3 409 —_— 
11 — 111 3 211 — 311 — 41] 3 
13 — 113 —_— 213 3 313 — 413 pé 
17 — 117 3 217 7 317 — 417 3 
19 — 119 rf 219 3 319 11 419 — 
21 3 12] 11 221 13 321 3 42] — 
2330 — 123 3 223 = 323. «17 423 3 
27 3 127 — 227 —_ 327 3 427 y 
29 — 129 3 229 —_ 329 7 429 3 
31 — 131 — 231 3 331 — 43] — 
33 3 133 7 233 — 333 3 433 — 
a 1370 — 237 3 33700 437 19 
39 3 139 — 2339 — 339 3 439 — 
41 — 141 3 241 — 341 11 441 3 
a 143 11 243 3 343 7 443 — 
47 — 147 3 247 13 347 — 447 3 
49 7 149 — 249 3 349 — 449 — 
5] 3 151 — 251 —_ 351 3 451 11 
py 153 3 253s 11 353 — 453 
57 3 57. — 57. = 357 3 Ss 
59 — 159 3 259 7 39 — 459 3 
61 — 161 7 261 3 361 19 461 — 
63 3 163 — 263 — 363 3 463 — 
67 —_— 167 —_— 267 3 367 — 467 — 
69 3 169 13 269 — 369 3 469 7 
71006— 171 3 271 — 371 7 471 3 
5 1730 — 273 3 373 473 11 
77 7 177 3 277 = 377 13 477 3 
79 —_— 179 —_ 279 3 379 —_ 479 —_ 
81 3 181 — 281 —_— 381 3 481 13 
83 — 183 3 283 —_ 383 — 483 3 
87 3 187 11 287 7 387 3 487 — 
89 — 189 3 289 ~=«17 389 — 489 3 
91 7 191 — 291 3 391 17 491 — 
93 3 193 — 2933 — 393 3 493 17 
97 — 197 — 297 3 397, 497 7 
99 3 99 — 299-13 399 3 499 — 


501 
503 
507 
509 
511 
513 
517 
519 
521 
523 
527 
529 
531 
533 
537 
539 
541 
543 
547 
549 
551 
553 
557 
559 
561 
563 
567 
569 
571 
573 
577 
579 
581 
583 
587 
589 
591 
593 
597 
599 


601 
603 
607 
609 
611 
613 
617 
619 
621 
623 
627 
629 
631 
633 
637 
639 
641 
643 
647 
649 
651 
653 
657 
659 
661 
663 
667 
669 
671 
673 
677 
679 
681 
683 
687 
689 
691 
693 
697 


699 


TABLE 2 


701 
703 
707 
709 
711 
713 
717 
719 
F2A 
723 
TA] 
729 
731 
733 
Lad 
739 
741 
743 
747 
749 
751 
753 
TT 
759 
761 
763 
767 
769 
771 
773 
ae 
729 
781 
783 
787 
789 
791 
793 
197 
799 


801 
803 
807 
809 
811 
813 
817 
819 
821 
823 
827 
829 
831 
833 
837 
839 
841 
843 
847 
849 
851 
853 
857 
859 
861 
863 
867 
869 
871 
873 
877 
879 
881 
883 
887 
889 
891 
893 
897 
899 


901 
903 
907 
909 
911 
913 
917 
919 
921 
923 
927 
929 
931 
933 
937 
939 
941 
943 
947 
949 
951 
953 
957 
959 
961 
963 
967 
969 
971 
973 
977 
979 
981 
983 
987 
989 
991 
993 
997 
999 
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TABLE 2 
1001 7 1101 3 1201 — 1301 — 1401 3 
1003 17 1103 — 1203 3 1303 — 1403 23 
1007 19 1107 3 1207 17 1307 — 1407 3 
1009 — 1109 — 1209 3 1309 7 1409 — 
1011 3 1111 11 1211 7 1311 3 1411 17 
1013 — 1113 3 1213 — 1313 13 1413 3 
1017 3 1117 — 1217 — 1317 3 1417 13 
1019 — 1119 3 1219 23 1319 — 1419 3 
1021 — 1121 19 1221 3 1321 — 1421 7 
1023 3 1123 — 1223 — 1323 3 1423 — 
1027 13 1127 7 1227 3 1327 — 1427 — 
1029 3 1129 — 1229 — 1329 3 1429 — 
1031 1131 3 1231 — 1331 11 1431 3 
1033 — 1133 11 1233 3 1333 31 1433 — 
1037 17 1137 3 1237 — 1337 7 1437 3 
1039 — 1139 17 1239 3 1339 13 1439 — 
1041 3 1141 7 1241 17 1341 3 1441 11 
1043 7 1143 3 1243 11 1343 17 1443 3 
1047 3 1147 31 1247 29 1347 3 1447 — 
1049 — 1149 1249 — 1349 19 1449 3 
1051 — 1151 — 1251 3 1351 7 1451 — 
1053 3 1153 — 1253 7 1353 3 1453 — 
1057 7 1157 13 1257 3 1357 23 1457 31 
1059 3 1159 19 1259 — 1359 3 1459 — 
1061 — 1161 3 1261 13 1361 — 1461 3 
1063 — 1163 — 1263 3 1363 29 1463 7 
1067 11 1167 3 1267 7 1367 — 1467 3 
1069 — 1169 7 1269 3 1369 37 1469 13 
1071 3 1171 — 1271 31 1371 3 1471 — 
1073 29 1173 3 1273 19 1373 — 1473 3 
1077. 3 1177 11 1277 — 1377 3 1477 7 
1079 13 1179 3 1279 — 1379 7 1479 3 
1081 23 1181 — 1281 3 1381 — 1481 — 
1083 3 1183 7 1283 — 1383 3 1483 — 
1087 — 1187 — 1287 3 1387 19 1487 — 
1089 3 1189 29 1289 — 1389 3 1489 — 
1091 — 1191 3 1291 — 1391 13 1491 3 
1093 — 1193 — 1293 3 1393 7 1493 — 
1097 — 1197 3 1297 — 1397 11 1497 3 
1099 7 1199 11 1299 3 1399 — 1499 — 
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TABLE 2 
1501 19 1601 — 1701 3 1801 — 1901 — 
1503 3 1603 7 1703 13 1803 3 1903 11 
1507 11 1607 — 1707 3 1807 13 1907 =— 
1509 3 1609 — 1709: — 1809 3 1909 23 
1511 — 1611 3 1711 29 1811 — 1911 3 
1513 17 1613 — 1713 3 1813 7 1913 — 
1517 37 1617 3 L717” 17 1817 23 1917 3 
1519 7 1619 1719 3 1819 17 1919 19 
1521 3 1621 — 1721 — 1821 3 1921 17 
1523 — 1623 3 1723 — 1823 — 1923 3 
L>27, 3 1627 — 1727 11 1827 1927 41 
1529 11 1629 3 1729 7 1829 31 1929 3 
1531 — 1631 7 1731 3 1831 — 1931 — 
1533 3 1633 23 1733 — 1833 3 1933 — 
1537 29 1637 — 1737 3 1837 11 1937 13 
1539 3 1639 11 1739 37 1839 3 1939 7 
1541 23 1641 3 1741 — 1841 7 1941 3 
1543 — 1643 31 1743 3 1843 19 1943 29 
1547 7 1647 3 1747 — 1847 — 1947 3 
1549 — 1649 17 1749 3 1849 43 1949 — 
1551 3 1651 13 1751 17 1851 3 1951 — 
1553 — 1653 3 1753 — 1853 17 1953 3 
1557 3 1657 — Lj 7 1857 3 1957 19 
1559 1659 3 Ly?" == 1859 11 1959 3 
1561 7 1661 11 1761 3 1861 — 1961 37 
1563 3 1663 — 1763 41 1863 3 1963 13 
1567 — 1667 — 1767 3 1867 — 1967 7 
1569 3 1669 — 1769 29 1869 3 1969 11 
1571 — 1671 3 1771 7 1871 — 1971 3 
1573 11 1673 7 1773 3 1873 — 197). = 
1577 19 1677 3 1777 — 1877 — 1977 3 
| Vo 1679 23 1779 3 1879 — LD) = 
1581 3 1681 41 1781 13 1881 3 1981 7 
1583 — 1683 3 1783 — 1883 7 1983 3 
1587 3 1687 7 1787 — 1887 3 1987 — 
1589 7 1689 3 1789 — 1889 — 1989 3 
1591 37 1691 19 1791 3 1891 31 1991 11 
1593 3 1693 — 1793 11 1893 3 1993: = 
1597 — 1697 — 1797 3 1897 7 1997 — 
1599 3 1699 — L799: 7 1899 3 0 == 


398 


TABLES 


TABLE 2 

2001 3 2101 11 2201 31 2301 3 2401 7 
2003 — 2103 3 2203 — 2303 7 2403 3 
2007 3 2107 7 2207 — 2307 3 2407 29 
2009 7 2109 3 2209 47 2309 — 2409 3 
2011 — 2111 — 2211 3 2311 — 2411 — 
2013 +3 2113 — 2213 — 2313 3 2413 19 
2017 — 2117 29 2217 3 2317 7 2417 — 
2019 3 2119 13 2219 7 2319 3 2419 41 
2021 43 2121 3 2221 — 2321 11 2421 3 
2023 7 2123 11 2225 53 2323 23 2423 — 
2027 — 2127 3 e227. 17 2327 13 2427 3 
2029 — 2129 — 2229 3 2329 17 2429 «7 
2031 3 2131 — 2251 23 2331 3 2431 Ii 
2033 19 2133 3 2233 7 2333 — 2433 3 
2037 3 2137 — 2237 — 2537-3 2437 — 
2039 — 2139 3 2239 — 2339 — 2439 3 
2041 13 2141 — 2241 3 2341 — 2441 — 
2043 3 2143 — 2243 — 2343 3 2443 7 
2047 23 2147 19 2247 3 2347 — 2447 — 
2049 3 2149 7 2249 13 2349 3 2449 31 
2051 7 2151 3 2251 — 2351 — 2451 3 
2053 — 2153 — 2253 3 2353 13 2453 11 
2057 11 2157 3 2257 37 2357 — 2457 3 
2059 29 2159 17 2559 3 2359 7 2459 — 
2061 3 2161 — 2261 7 2361 3 2461 23 
2063 — 2163 3 2263 31 2363 17 2463 3 
2067 3 2167 11 2267 — 2367 3 2467 — 
2069 — 2169 3 2269 — 2369 23 2469 3 
2071 19 2171 13 2271 3 2371 — 2471 7 
2073 3 2173 41 22/35 £579: <3 2473 — 
2077 31 2hi7 <-F 2277 83 2377 — 2477 — 
2079 3 2179 — 2279 43 2379 3 2479 37 
2081 — 2181 3 2281 — 2381 — 2481 3 
2083 — 2183 37 2283 3 2383 — 2483 13 
2087 — 2187 3 2287 — 2387 7 2487 3 
2089 — 2189 11 2289 3 2389 — 2489 19 
2091 3 2191 7 2291 29 2391 3 2491 47 
2093 7 2193 3 2293 — 2393 — 2493 

2097 3 2197 13 £297 == 2397 83 2497 11 
2099 — 2199 3 2299 11 2399 — 2499 3 


TABLES 


399 


TABLE 2 

2501 41 2601 3 2701 37 2801 — 2901 3 
2503 — 2603 19 2703 3 2803 — 2903 — 
2507 23 2607 3 2707 — 2807 7 2907 3 
2509 13 2609 — 2709 3 2809 53 2909 — 
2511 3 2611 7 2711 — 2811 3 2911 41 
Za05. <7 2613 +3 2713 — 2813 29 2913 3 
2517 3 2617 — 2717 Al 2817 3 2917 = 
2519 11 2619 3 2719 — 2819 — 2919 3 
2521 — 2621 — 2721 3 2821 7 2921 23 
2523 3 2623 43 2725° ~7 2823 3 2923 37 
2527 <7 2627 37 2727. 23 2827 11 2927): = 
2529 3 2629 11 2729 — 2829 3 2929 29 
2531 — 2631 3 2731 — 2831 19 2931 3 
2533 17 2633 — 2733 3 2833 — 2933 7 
2537 43 2637 3 27357 «7. 2837 — 2937 3 
2539 — 2639 7 2739 3 2839 17 2939 — 
2541 3 2641 19 2741 — 2841 3 2941 17 
2543 — 2643 3 2743 13 2843 — 2943 3 
2547 3 2647 — 2747 41 2847 3 2947 7 
2549 — 2649 3 2749 — 2849 7 2949 3 
2551 — 2651 11 2751 3 2851 — 2951 13 
2553 3 2653 7 2753 — 2853 3 2953 — 
2557 — 2657 — 2757 *9 2857 — 2957 — 
2559 3 2659 — P58 fo» 1) al 9 | 2859 3 2959 1 
2561 13 2661 3 2761 11 2861 — 2961 
2563 11 2663 — 2763 3 2863 7 2963 — 
2567 17 2667 3 2767 — 2867 47 2967 3 
2569 7 2669 17 2769 3 2869 19 2969 — 
2571 3 2671 — 2771. 17 2871 3 2971 — 
2573 31 2673 3 2773 47 2873 13 2973 3 
2977 2677 — 2777 = 2877 3 2977 13 
2579 — 2679 3 2779 7 2879 — 2979 3 
2581 29 2681 7 2781 3 2881 43 2981 11 
2583 3 2683 — 2783 11 2883 3 2983 19 
2587 13 2687 — 2787 3 2887 — 2987 29 
2589 3 2689 — 2789 — 2889 3 2989 7 
2591 — 2691 3 2791 — 2891 7 2991 3 
2593 — 2693 — 2793 3 2893 11 2993 41 
2597 7 2697 3 2797 — 2897 — 2997 3 
2599 23 2699 — 2799 3 2899 13 2999 — 
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TABLES 


TABLE 2 
3001 — 3101 7 3201 3 3301 — 3401 19 
3003 3 3103 29 3203 — 3303 3 3403 41 
3007 31 3107 13 3207 3 3307 — 3407 — 
3009 3 3109 — 3209 — 3309 3 3409 7 
3011 — 3111 3 3211 13 3311 7 3411 3 
3013 23 3113 11 3213 3 5313) — 3413 — 
3017 7 3117 3 3217 — 3317 31 3417 3 
3019 — 3119 — 3219 3 3319 — 3419 13 
3021 3 3121 — 3221 3321 3 3421 11 
3023 — 3123 3 3223 3323 — 3423 3 
3027 3 3127 53 3227 3327 3 3427 23 
3029 13 3129 3 3229 — 3329 — 3429 3 
3031 7 3131 31 3231 3 3331 — 3431 47 
3033 3 3133 13 3233 53 3333 3 3433 — 
3037 — 3137 — 3237 3 3337 47 3437 7 
3039 3 3139 43 3239 41 3339 3 3439 19 
3041 — 3141 3 3241 7 3341 13 3441 3 
3043 17 3143 7 3243 3 3343 — 3443 11 
3047 11 3147 3 3247 17 3347 — 3447 3 
3049 — 3149 47 3249 3 3349 17 3449 — 
3051 3 3151 23 3251 — 3351 3 3451 7 
3053 43 3153 3 3253 — 3353 7 3453 3 
3057 3 3157 7 3257 — 3357 3 3457 — 
3059 7 3159 3 3259 — 3359 — 3459 3 
3061 — 3161 29 3261 3 3361 — 3461 — 
3063 3 3163 — 3263 13 3363 3 3463 — 
3067 — 3167 — 3267 3 3367 7 3467 — 
3069 3 3169 — 3269 7 3369 3 3469 — 
3071 37 3171 3 3271 — 3371 — 3471 3 
3073 7 3173 19 3273 3 3373 — 3473 23 
3077 17 3177 3 3277 29 3377 11 3477 3 
3079 — 3179 11 3279 3 3379 31 3479 7 
3081 3 3181 — 3281 17 3381 3 3481 59 
3083 — 3183 3 3283 7 3383 17 3483 3 
3087 3 3187 — 3287 19 3387 3 3487 11 
3089 — 3189 3 3289 11 3389 — 3489 3 
3091 11 3191 — 3291 3 3391 — 3491 — 
3093 3 3193 31 3293 37 3393 3 3493 7 
3097 19 3197 23 3297 3 3397 43 3497 13 
3099 3 3199 7 3299 — 3399 3 3499 — 


3501 
3503 
3507 
3509 
3511 
3513 
3517 
3519 
3521 
3523 
3527 
3529 
3531 
3533 
3537 
3539 
3541 
3543 
3547 
3549 
3551 
3553 
3557 
3559 
3561 
3563 
3567 
3569 
3571 
3573 
S77 
3579 
3581 
3583 
3587 
3589 
3591 
3593 
3597 
3599 


3601 
3603 
3607 
3609 
3611 
3613 
3617 
3619 
3621 
3623 
3627 
3629 
3631 
3633 
3637 
3639 
3641 
3643 
3647 
3649 
3651 
3653 
3657 
3659 
3661 
3663 
3667 
3669 
3671 
3673 
3677 
3679 
3681 
3683 
3687 
3689 
3691 
3693 
3697 
3699 


TABLE 2 


3701 — 
3703 7 
3707 11 
3709 — 
3711 3 
3713 47 
3717 3 
3719 — 
3721 61 
3723 3 
372). = 
3729 3 
3731 7 
3733 — 
3737 37 
a7 50. = 
3741 3 
3743 19 
3747 3 
3749 23 
3751 11 
3753 3 
3757 13 
3759 3 
3761 — 
3763 53 
3767 — 
3769 — 
3771 3 
3773 7 
3777 =3 
Ge Gi es 
3781 19 
3783 3 
3787 7 
3789 3 
3791 17 
3/93. — 
3797 — 
3799 29 


3801 
3803 
3807 
3809 
3811 
3813 
3817 
3819 
3821 
3823 
3827 
3829 
3831 
3833 
3837 
3839 
3841 
3843 
3847 
3849 
3851 
3853 
3857 
3859 
3861 
3863 
3867 
3869 
3871 
3873 
3877 
3879 
3881 
3883 
3887 
3889 
3891 
3893 
3897 
3899 


3901 
3903 
3907 
3909 
3911 
3913 
3917 
3919 
3921 
3923 
3927 
3929 
3931 
3933 
3937 
3939 
3941 
3943 
3947 
3949 
3951 
3953 
3957 
3959 
3961 
3963 
3967 
3969 
3971 
3973 
3977 
3979 
3981 
3983 
3987 
3989 
3991 
3993 
3997 
3999 


TABLES 401 


402 


TABLES 


TABLE 2 
4001 — 4101 3 4201 — 4301 11 4401 3 
4003 — 4103 11 4203 3 4303 13 4403 7 
4007 — 4107. 3 4207 7 4307 59 4407 3 
4009 19 4109 7 4209 3 4309 31 4409 — 
4011 3 4111 — 4211 — 4311 3 4411 11 
4013 — 4113 3 4213 11 4313 19 4413, 3 
4017. 3 4117 23 4217 — 4317 3 4417 7 
4019 — 4119 3 4219 — 4319 7 4419 3 
4021 — 4121 13 4221 4321 29 4421 — 
4023 3 4123 7 4223 41 4323 3 4423 — 
4027 — 4127 — 4227 3 4327 — 4427 19 
4029 3 4129 — 4229 — 4329 3 4429 43 
4031 29 4131 3 4231 — 4331 61 4431 3 
4033 37 4133 — 4233 3 4333 7 4433 11 
4037 11 4137 3 4237 19 4337 — 4437 3 
4039 7 4139 — 4239 3 4339 — 4439 23 
4041 3 4141 41 4241 — 4341 3 4441 — 
4043 13 4143 3 4243 — 4343 43 4443 3 
4047 3 4147 11 4247 31 4347 3 4447 — 
4049 — 4149 3 4249 7 4349 — 4449 3 
4051 — 4151 7 4251 3 4351 19 4451 — 
4053 3 4153 — 4253 — 4353 3 4453 O61 
4057 — 4157 — 4257 3 4357 — 4457 — 
4059 3 4159 — 4259 — 4359 3 4459 7 
4061 31 4161 3 4261 — 4361 7 4461 3 
4063 17 4163 23 4263 3 4363 — 4463 — 
4067 7 4167 3 4267 17 4367 11 4467 3 
4069 13 4169 11 4269 3 4369 17 4469 41 
4071 3 4171 43 4271 — 4371 4471 17 
4073 — 4173 3 4273 — 4373 — 4473 3 
4077 3 4177 — 4277 7 4377 3 4477 11 
4079 — 4179 3 4279 11 4379 29 4479 3 
4081 7 4181 37 4281 3 4381 13 4481 — 
4083 3 4183 47 4283 — 4383 3 4483 — 
4087 61 4187 53 4287 3 4387 41 4487 7 
4089 3 4189 59 4289 — 4389 3 4489 67 
4091 — 4191 3 4291 7 4391 — 4491 3 
4093 — 4193 7 4293 3 4393 23 4493 — 
4097 17 4197 3 4297 — 4397 — 4497 3 
4099 — 4199 13 4299 3 4399 53 4499 11 


TABLES 403 
TABLE 2 
4501 ws 4901 13 
4503 3 4903 — 
4507 — 4907 7 
4509 3 4909 — 
4511 13 4911 3 
4513 — 4913 17 
eas. uk: 4917 3 
4519 — 4919 — 
4521 3 4921 7 
4523 — 4923 3 
4527 3 4927 13 
4529 7 4929 3 
4531 23 4931 — 
4533 3 4933 — 
4537 13 4937 — 
4539 3 4939 11 
4541 19 4941 3 
4543 7 4943 — 
4547 — 4947 3 
4549 — 4949 7 
4551 3 4951 — 
4553 29 4953 3 
4557 3 4957 — 
4559 47 4959 3 
4561 — 4961 11 
4563 3 4963 7 
4567 — 4967 — 
4569 3 4969 — 
4571 es 4971 3 
4573 17 4973 — 
4577 23 4977 3 
4579 19 4979 13 
4581 3 4981 17 
4583 — 4983 3 
4587 3 4987 — 
4589 13 4989 3 
4591 — 4991 7 
45933 4993 — 
4597 — 4997 19 
4599 «3 4999 — 
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The prime numbers between 5000 and 10,000. 


TABLE 3 


5003 
5009 
5011 
5021 
5023 


5039 
5051 
5059 
5077 
5081 


5087 
5099 
5101 
5107 
5113 


5119 
5147 
5153 
5167 
5171 


5179 
5189 
5197 
5209 
5227 


5231 
5233 
5237 
5261 
5273 


5279 
5281 
5297 
5303 
5309 


5323 
5333 
5347 
5351 
5381 


5387 
5393 
5399 
5407 
5413 


5417 
5419 
5431 
5437 
5441 


5443 
5449 
5471 
5477 
5479 


5483 
5501 
5503 
5507 
5519 


5521 
5527 
5531 
5557 
5563 


5569 
5573 
5581 
5591 
5623 


5639 
5641 
5647 
5651 
5653 


5657 
5659 
5669 
5683 
5689 


5693 
5701 
5711 
5717 
5737 


5741 
57A3 
5749 
5779 
5783 


5791 
5801 
5807 
5813 
5821 


5827 
5839 
5843 
5849 
5851 


5857 
5861 
5867 
5869 
5879 


5881 
5891 
5903 
5923 
5927 


5939 
5953 
5981 
5987 
6007 


6011 
6029 
6037 
6043 
6047 


6053 
6067 
6073 
6079 
6089 


6091 
6101 
6113 
6121 
6131 


6133 
6143 
6151 
6163 
6173 


6197 
6199 
6203 
6211 
6217 


6221 
6229 
6247 
6257 
6263 


6269 
6271 
6277 
6287 
6299 


6301 
6311 
6317 
6323 
6329 


6337 
6343 
6353 
6359 
6361 


6367 
6373 
6379 
6389 
6397 


6421 
6427 
6449 
6451 
6469 


6473 
6481 
6491 
6521 
6529 


6547 
6551 
6553 
6563 
6569 


6571 
6577 
6581 
6599 
6607 


6619 
6637 
6653 
6659 
6661 


6673 
6679 
6689 
6691 
6701 


6703 
6709 
6719 
6733 
6737 


6761 
6763 
6779 
6781 
6791 


6793 
6803 
6823 
6827 
6829 


6833 
6841 
6857 
6863 
6869 


6871 
6883 
6899 
6907 
6911 


6917 
6947 
6949 
6959 
6961 


6967 
6971 
6977 
6983 
6991 


6997 
7001 
7013 
7019 
7027 


7039 
7043 
7057 
7069 
7079 


7103 
7109 
7121 
7127 
7129 


7151 
7159 
7177 
7187 
7193 


7207 
7211 
7213 
7219 
7229 


T2357 
7243 
7247 
7253 
7283 


7297 
7307 
7309 
7321 
7331 


7333 
7349 
7351 
7369 
7393 


7411 
7417 
7433 
7451 
7457 


7459 
7477 
7481 
7487 
7489 


TABLES 405 


TABLE 3 
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TABLE 4 


The number of primes and the number of pairs of twin primes in the indicated intervals 


Number of 
Number of pairs of 
Interval primes twin primes 


fe) 


1-100 
101-200 
201-300 
301-400 
401-500 


501-600 
601-700 
701-800 
801-900 
901-1000 


2501-2600 
2601-2700 
2701-2800 
2801-2900 
2901-3000 


10001-10100 
10101-10200 
10201-10300 
10301-10400 
10401-10500 


29501-29600 
29601-29700 
29701-29800 
29801-29900 
29901-30000 


100001-100100 
100101-—100200 
100201-100300 
100301-100400 
100401-100500 


299501-299600 
299601-299700 
299701-299800 
29980 1~—299900 
299901-300000 


—=e— WNN © VFO WN WD PB ~f 


NN me Oh 
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8 
7 
0 
7 
6 
9 
8 
9 
8 
vi 
8 
8 
6 
9 


oo o- = 
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TABLES 


The values of t(n), o(n), o(n), and p(n), where 1 =n = 100 


407 


) 
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1 
2 
2 
3 
2 
4 
2 
4 
3 
4 
2 
6 
2 
4 
4 
5 
2 
6 
2 
6 
4 
4 
2 
8 
3 
4 
4 
6 
2 
8 
p4 
6 
4 
4 
4 
9 
2 
4 
4 
8 


rh 
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TABLE 5 


peo | om | om | wool 
0 91 Ee: 


81 5 54 4 112 1 
82 4 40 1 92 6 168 0 
83 2 82 =] 4 128 1 
84 12 24 0 4 144 1 
85 4 64 1 4 120 1 
86 4 42 1 12 252 0 
87 4 56 1 2 98 —1 
88 8 40 0 6 171 0 
89 Z 88 —1 6 156 0 
90 12 24 0 9 247 0 


ANSWERS TO SELECTED PROBLEMS 


SECTION 1.1 


5. (a) 4,5, and7. 
(b) (3-2)! 4312! 342)! 43!421, 


SECTION 2.1 


5. (a) te = 21 and ts = 15. 
6. (b) = ti, 67 = lg, 2047 = loge. 
9. (b) Two examples are t6 = fj +45, tio =t4 + bo. 


SECTION 2.4 


1. 1,9, and 17. 
2(a)x=4, y=-3. 
(b) x =6, y=-l. 
O.2=7, y=—3. 
(d) x =39, y=—29. 
8. 32,461, 22,338, and 23,664. 
12. x17, ye 114, oS 2, 


SECTION 2.5 


2. (a) x = 204 9, y=-15-T7t. 
(b) x = 184+23t, y=-3-4t. 
(c) x = 1764+35t, y=—1111 —22!1¢. 
3: ye), = 6: 
(by 42, ye 38: x=9, y=20; CEH 10. yz. 
(c) No solutions 
(d) x =17-S7t, y=47-—158t, wheret <0. 
5. (a) The fewest coins are 3 dimes and 17 quarters, whereas 43 dimes and 1 quarter give 
the largest number. It is possible to have 13 dimes and 13 quarters. 


409 


410 


ANSWERS TO SELECTED PROBLEMS 


(b) There may be 40 adults and 24 children, or 45 adults and 12 children, or 50 adults. 
(c) Six 6’s and ten 9’s. 


. There may be 5 calves, 41 lambs, and 54 piglets; or 10 calves, 22 lambs, and 68 piglets; 


or 15 calves, 3 lambs, and 82 piglets. 


. $10.21 
. (b) 28 pieces per pile is one answer. 


(d) One answer is 1 man, 5 women, and 14 children. 
(e) 56 and 44. 


SECTION 3.1 


Z 
7. 


25 is a counterexample. 
All primes < 47. 


11. (a) One example: 2'3 — 1 is prime. 
SECTION 3.2 
11. Two solutions are 59 — 53 = 53 — 47, 157-151 = 163 — 157. 
14. Ryo = 11-41 - 271-9091. 
SECTION 3.3 
3. 2 and 5 
11. A(22) = 23 - 67. 
14. 71, 13859 
16. 37 = -14+24+34+547411-13417- 19+ 23 — 29 +31, 
31 = -14+2-—-34+5-—-7-11+134+17—- 19 — 23 + 2(29). 
19. 81=34+5+4+73, 125=5+13+107. 
28. (b) n = 1. 
SECTION 4.2 
4. (a) 4and 6 
(b) 0 
SECTION 4.3 
1. 14147 = 658 (mod 1537) 
19°3 = 406 (mod 503) 
3. 89 
6. (a) 9 
(b) 4 
(c) 5 
(d) 9 
9, 7 
ieee pHs 
12. 143. 
15. =] 1.3 


ANSWERS TO SELECTED PROBLEMS 


~ Ro =3-7-11- 13-37. 
ces. Vez: 
A038... yH0, 7=6. 
. (a) Check digits are 7; 5. 


(b) ag = 9. 


- (b) Incorrect 


SECTION 4.4 


i 


(a) x = 18 (mod 29). 

(b) x = 16 (mod 26). 

(c) x = 6, 13, and 20 (mod 21). 

(d) No solutions 

(e) x = 45, and 94 (mod 98). 

(f) x = 16, 59, 102, 145, 188, 231, and 274 (mod 301). 


.(a)x=154+5lt, y=—-1—4¢. 


(b) x =13425t, y=7—-12t. 
(c) x =14453t, y=1+4+5t. 


. x =11+t(mod13), y=5-+6t (mod 13). 
~ (a) x = 52 (mod 105). 


(b) x = 4944 (mod 9889). 
(c) x = 785 (mod 1122). 
(d) x = 653 (mod 770). 


- x = 99 (mod 210). 


62 


. (a) 548, 549, 550 


(b) 57/350, 3°|351, 2%|352 


. 119 

. 301 

- 3930 
- 838 

. (a) 17 


(b) 59 
(c) 1103 


. n =1,7, 13 (mod 15). 

. x=7, y=9 (mod 13). 

~ x =59, 164 (mod 210). 
~xB=7,y=O0x =3,y=1;x =7, 


a1 VY SASH 3, 7 =l4= 7. 


. (a) x =4 (mod 7), y = 3 (mod 7). 


(b) x = 9 (mod 11), y = 3 (mod 11). 
(c) x =7 (mod 20), y = 2 (mod 20). 


SECTION 5.2 
6. (a) 1 
9. (b) x = 16 (mod 31), x =10(mod11), x = 25 (mod 29). 


411 


412 ANSWERS TO SELECTED PROBLEMS 


SECTION 5.3 


8.5, 13 
IT. 12, 7; 6, 31 


SECTION 5.4 


1. (b) 127-83 
(c) 691-29-17 
3. 89 - 23 
4.29-17, 3°-5?- 13? 
5. (a) 2911 = 71-41. 
(b) 4573 = 17 - 269. 
(c) 6923 = 23 - 301. 
6. (a) 13561 = 71-191 
7. (a) 4537 = 13 - 349. 
(b) 14429 = 47 - 307. 
8. 20437 = 107 - 191. 


SECTION 6.1 


2. 6; 6,300,402 
12. (a) p’ and p*q; 48 = 2'*-3. 


SECTION 6.3 


3. 249, 330 

5. (b) 150, 151, 152, 153, 154 
8. (b) 36, 396 

9. 405 


SECTION 6.4 


1. (a) 54 
(b) 84 
(c) 115 

3. (a) Thursday 
(b) Wednesday 
(c) Monday 
(d) Thursday 
(e) Tuesday 
(f) Tuesday 

5. (a) 1, 8, 15, 22, 29 
(b) August 

6. 2009 


SECTION 7.2 


1. 720, 1152, 9600 
18. d(n) = 16 whenn = 17, 32, 34, 40, 48, and 60. 
o(n) = 24 when n = 35, 39, 45, 52, 56, 70, 72, 78, 84, and 90. 


ANSWERS TO SELECTED PROBLEMS 


SECTION 7.3 


7. 1 
8. (b) x = 19 (mod 26), x =34(mod 40), x =7 (mod 49). 


SECTION 7.4 
10. (b) 29348, 29349, 29350, 29351 


SECTION 8.1 


1. (a) 8, 16, 16 
(b) 18, 18, 9 
(c) 11, 11, 22 
8. (c) 2!’ —1is prime; 233|27? — 1. 
12. (a) 3,7 
(b) 3,5, 6, 7, 10, 11, 12, 14 
13. (b) 41, 239 


SECTION 8.2 


2. 1,4,11,14; 8, 18,47,57; 8, 14, 19, 25 
3.2; 6=2). 7=2). BS2: 
2, 3=2%, 10=2!, 13=2), 14=27, 15=2!!; 
5. 7=5".. 10S5. 1la]s). 1445 95. 17 =5'. 
200=5. DLS: 
4. (a) 7,37 
(b) 9, 10, 13, 14, 15, 17, 23, 24, 25, 31, 38, 40 
5.11, 50 


SECTION 8.3 


L.-(a): 7, 115 19,19: 2,358; 12; 13,.17,.22, 23 
(b) 2,5; 

2,5, 11, 14, 20, 23; 
2,5, 11, 14, 20, 23, 29, 32, 38, 41, 47, 50, 56, 59, 65, 68, 74, 77 
4. (b) 3 

5. 6, 7, 11, 12, 13, 15, 17, 19, 22, 24, 26, 28, 29, 30, 34, 35; 

7, 11, 13, 15, 17, 19, 29, 35, 47, 53, 63, 65, 67, 69, 71, 75 

11. (6b) x = 34 (mod 40), x = 30 (mod 77). 


SECTION 8.4 


1. indg5 =9, indg5=9, indg5=3, ind); 5=3. 
2. (a) x =7 (mod 11). 

(b) x =5, 6 (mod 11). 

(c) No solutions. 


19=5}, 
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3. (a) x = 6, 7, 10, 11 (mod 17). 
(b) x =5 (mod 17). 
(c) x =3,5, 6, 7, 10, 11, 12, 14 (mod 17). 
(d) x = 1 (mod 16). 
4. 14 
8. (a) In each case, a = 2, 5, 6. 
(b) 1,2,4; 1,3,4,5,9; 1,3,9 
12. Only the first congruence has a solution. 
16. (b) x = 3,7, 11, 15 (mod 16); x = 8, 17 (mod 18). 
17. b = 1, 3, 9 (mod 13). 


SECTION 9.1 


1. (a) x =6,9 (mod 11). 
(b) x = 4, 6 (mod 13). 
(c) x = 9, 22 (mod 23). 
8. (b) 1 (mod 17); x = 17,24 (mod 41) 
9, 11, 16, 17 
9, 13, 16, 20, 22, 23, 24, 25, 28: 
8,9, 10, 14, 16, 18, 19, 20, 25, 28 


6, 1 
4,5, 6,7 
, 4, 5, 6, 7 
25 e524), 


SECTION 9.2 


1. (a) -1 
(b) 1 
(c) 1 
(d) -1 
(e) 1 

2. (a) (-1)° 
(b) (-1)° 
(c) (-1)* 
(d) (-1) 
(e) (—1) 


SECTION 9.3 


1. (a) 1 
(b) —1 
(c) —l 
(d) 1 
(e) 1 

3. (a) Solvable 
(b) Not solvable 
(c) Solvable 


6. p =2o0r p = 1 (mod 4); p =2or p = 1 or3 (mod 8); 


p =2, p=3o0r p = 1 (mod 6). 
8. 73 
14. x = 9, 16, 19, 26 (mod 35). 
16. —1, —-l, 1 
20. Not solvable 


ANSWERS TO SELECTED PROBLEMS 


SECTION 9.4 


SHA b&b W 


9. 


. (b) x = 57, 68 (mod 5). 
. (a) x = 13, 14 (mod 3’). 


(b) x = 42, 83 (mod 5°). 
(c) x = 108, 235 (mod 7°). 


. x = 5008, 9633 (mod 11°). 

. x = 122, 123 (mod 5%); x = 11, 15 (mod 3°). 
. x = 41, 87, 105 (mod 2’). 

. (a) Whena =1, x =1,7,9, 15 (mod 2%). 


Whena =9, x =3,5, 11, 13 (mod 2%). 
(b) Whena =1, x =1, 15, 17,31 (mod 2°). 
Whena =9, x = 3, 13, 19, 29 (mod 2°). 
Whena=17, x =7,9, 23, 25 (mod 2°). 
Whena = 25, x =5, 11,21, 27 (mod 2°). 
(c) Whena=1, x = 1,31, 33, 63 (mod 2°). 
Whena =9, x = 3, 29, 35, 61 (mod 2°). 
9, 23, 41, 55 (mod 2°). 


Whenad=17, x= 

When a = 25, x =5, 27,37, 59 (mod 2°). 

When a = 33, x = 15, 17, 47, 49 (mod 2°). 

Whena=41, x = 13, 19, 45, 51 (mod 2°). 

Whena = 49, x =7, 25, 39, 57 (mod 2°). 

Whena = 57, x = 11,21, 43, 53 (mod 2°). 
(a) 4, 8 


(b) x = 3, 147, 153, 297, 303, 447, 453, 597 (mod 23 - 3 - 5’). 


10. (b) x = 51, 70 (mod 112). 
SECTION 10.1 
4. (a) C =3P +4 (mod 26). 


5. 


6. 
. (a) UYJB FHSIHLQA. 


(b) GIVE THEM UP. 
(a) TAOL M NBJQ TKPB. 
(b) DO NOT SHOOT FIRST. 
(b) KEEP THIS SECRET 


(b) RIGHT CHOICEX. 


~ (a) Cy = P;} + 2P> (mod 26), Cy = 3P; +5P> (mod 26). 


(b) HEAR THE BELLS. 


. HS TZM 

. FRIDAY 

- 1747, 157 

so 

~ 2014 1231 1263 0508 1106 1541 1331 
- REPLY NOW 

-» SELL SHORT 


SECTION 10.2 


1. 


oS eh... 2 aa a =. 
SSeS lk oe Sie Sa ee eH 
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2 Ore ve ee Xo = x16 = 0. 
Si oc 7 ee oe es ee OP 

2. (a) and (c) are superincreasing. 

3. (a) Xy = X2 = X3 = xe =). X4 = X5 = (); 
(b) xe] 3H 45. = 1, Ae =. 
(OC) s9= 04 HK HA. aS a Ss = 0: 


5.3, 4, 10, 21 
6. CIPHER. 
7. (a) 14, 21, 49, 31, 9 


(b) 45 49 79 40 70 101 79 49 35 


SECTION 10.3 


1. (a) (43,35) (43,11) (43,06) (43,42) (43, 19) 
(43,17) (43,15) (43,20) (43,00) (43, 19) 
2. BEST WISHES 
3. (23,20) (23,01) (12,17) (12,35) (3,16) (13, 04) 
(1424, 2189) (1424,127) (1424, 2042) 


* (1424, 2002) (1424,669) (1424, 469) 


SECTION 11.2 


1. o(n) = 2160(2!! — 1) 4 2048(2!! — 1). 
8. 56 
11. p°, pq 
14. (b) There are none. 
16. No. 


SECTION 11.3 
3. 233 | M20. 


SECTION 11.4 


3. (b) 3]2” +5. 

7. 25 4-4 = (27 — 2! 4 1)(27 +2! +1) =5- 107367629 - 536903681. 
9. (c) 83| 24! + 1 and 59| 27? + 1. 

10.n =315, p=71, andg =73. 

11. 3|2? +1. 


SECTION 12.1 


1. (a) (16, 12, 20), (16, 63,65), (16, 30, 34) 
(b) (40, 9,41), (40,399, 401); (60, 11,61), (60,91, 109), 
(60, 221, 229), (60, 899, 901) 
8. (12,5, 13), (8, 6, 10) 
12. (a) (3, 4,5), (20, 21,29), (119, 120, 169), (696, 697,985), (4059, 4060, 5741) 
(b) (t6, 7,35), (tao, ta1, 1189), — (t038, t239, 40391) 
| i ee — ie n= 6°, t49 = 357, fosg = 2047, t1681 = 11897. 


ANSWERS TO SELECTED PROBLEMS 417 


SECTION 13.2 


1. 113 =77+8%, 229=274+157, 373 =7%+ 187. 
2. (a) 177 +187 = 613, 474+57=41, 574+6%=61, 9°+107=181, 1274137= 
313. 
5. (b) 3185 = 56° +7, 39690 = 1897 + 637, 62920 = 242? + 66°. 
6. 1105 = 5-13-17 = 97 + 32? = 127 + 31 = 237 +. 24": 
Note that 325 = 52-13 = 17+ 187 = 6? +177 = 107 + 15”. 
14. 45 = 7* — 2? = 9? — 6? = 232 — 227. 
18. 1729 = 17+ 123 = 9° + 10°. 


SECTION 13.3 


2. (2870)* = (17 + 27 + 37 +. --- + 20)* leads to 574° = 4147 + 87 + 16° + 247 + 3274 
.- +--+ 1527, which is one solution. 

6. One example is 509 = 127 + 13° + 147. 

7. 459 = 15% + 15% + 3°. 
10.61=5S°-4, 127=77-6'. 
13. 231 = 157 +2?4+17+17, 391 = 157 +97 497427, 2109 = 447+ 12° +57+27. 
17. #5 = 3? +4 =6 - 5°. 
18. (b) Whenn = 12, 290 = 1374+11° = 167+ 57+ 3° = 147497 + 3° 4+ 2? 

= [5 6- oba e e 


SECTION 14.2 


7.2, 5, 144 

8. Uji, U2, U3, U4, U6, U2 
11. uy, = 2ug +g, Uy2 = Oug + (Ug — U4). 
12. U,, U2, U4, Ug, UjoO 


SECTION 14.3 


7. 50 =ugtuz7t+u9, 75 =uz3+ustuz7t+ujo, 100=u; +u3+u6+u41, 
125 = u3 +uU9 + U4]. 
9. (33,4,5), (5, 12,13), (8,15, 17), (39, 80, 89), (105, 208, 233) 


SECTION 15.2 


1. (a) [—1;1, 1, 1, 2, 6] 
(b) [3;3, 1, 1,3, 2] 
(c) [1;3, 2, 3, 2] 

(d) [0;2, 1, 1, 3,5, 3] 

2. (a) —710/457 
(b) 741/170 
(c) 321/460 

4. (a) [0;3, 1, 2, 2, 1] 
(b) [—152, 1, 7] 

(c) [2;3, 1, 2, 1, 2] 


418 ANSWERS TO SELECTED PROBLEMS 


5. (a) 1, 3/2, 10/7, 33/23, 76/53, 109/76 
(by) =3; <=. =5/2; =7/3,. 12/5. =43/18 
(c) 0, 1/2, 4/9, 5/11, 44/97, 93/205 
6. (b) 225=4-434+4-1043-342-142. 
7. (a) 1, 3/2, 7/5, 17/12, 41/29, 99/70, 239/169, 577/408, 1393/985 
(b) 1, 2, 5/3, 7/4, 19/11, 26/15, 71/41, 97/56, 265/153 
(c) 2, 9/4, 38/17, 161/72, 682/305, 2889/1292, 12238/5473, 51841/23184, 
219602/98209 
(d) 2, 5/2, 22/9, 49/20, 218/89, 485/198, 2158/881, 4801/1960, 21362/8721 
(e) 2, 3, 5/2, 8/3, 37/14, 45/17, 82/31, 127/48, 590/223 
9. (3:7, 16, 11], [3:7, 15, 1,25, 1,7, 4] 
li. (a) x =—-84+51t, y=3-19. 
(b) x =58 +2271, y= —93 — 3641. 
(c) x =484+5t, y=—168—18¢. 
(d) x =—22-—57t, y=—61— 158%. 


SECTION 15.3 
34 
—4 : J37 


10 
314+ V37 
233 


1. (a) 
(b) 
(C) 
(d) 
(€) 


; 5—J/5 874 JS5 
= Oe 62 
4. (a) [234] 
(b) [2; 1, 1, 1,4] 
(c) [2;3] 
(d) [2;1, 3] 
(e) [1;3, 1, 2, 1, 4] 
. (b) [132], [1;1,2], [3;1,6], [6; 12] 
. 1677/433 
~ (a) 1264/465 
» (a) 29/23 
(b) 267/212 
11. 3, 22/7, 355/113 


Ori nN 


SECTION 15.4 


2. (a)x=8, y=3. 
(b)x=10, y=3. 


ANSWERS TO SELECTED PROBLEMS 


(c)x=17, y=4. 
(dy) x= 172 2. 
(6) x =23;, yo 

4) 2=3, YSZ. 2H1, yed2; XH 99, y= 70: 
bDxeea2, yok xe ved: x26. yo. 2H 9.. S56: 

x =362, y= 209. 

Ch xe9, pede -,Hl6l; y= 72. 

4. 48, 1680 

Sa) x SH 24. VSS, cals... 4+ =240. 
(b) x=51, y=10; x =5201, y=1020. 
(c) x =23, y=4;5 x=1057, y= 184. 

6. (a) x = 9801, y = 1820. 
(b) x = 2049, y = 320. 
(c) x = 3699, y= 430. 

Tea) 16, y=: 
(b) x =70, y=13. 
(GC) 232. yee5. 

12. x =449, y=60; x= 13455, y=1798. 
13. (b) x = 254, y=96; x =4048, y= 1530. 

(c) x =213, y=36; x =2538, y= 429. 


SECTION 16.2 


1. (a) 299 = 13 - 23. 

(b) 1003 = 17-59. 
(c) 8051 = 83 - 97. 

2. 4087 = 61 - 67. 

3. (a) 1711 = 29-59. 
(b) 4847 = 37-131. 
(c) 9943 = 61 - 163. 

4. (a) 1241 = 17. 73. 
(b) 2173 = 41 - 53. 
(c) 949 = 13 - 73. 

(d) 7811 = 73 - 107. 

5. 1189 = 29 - 41. 

6. (a) 8131 = 47- 173. 
(b) 13199 = 67. 197. 
(c) 17873 = 61 - 293. 


SECTION 16.3 


2. (a) x = 13, 20, 57, 64 (mod 77). 
(b) x = 10, 67, 142, 199 (mod 209). 
(c) x = 14, 32, 37, 55 (mod 69). 
3. Alice wins if she chooses x = +73 (mod 713). 
4. Alice loses if she chooses x = +676 (mod 3713). 
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absolute pseudoprime numbers, 91, 363 
abundant numbers, 235 
Adleman, Leonard, 203 
Agrawal, Manindra (1966— ), 354 
Alcuin (c.732—804), 38, 219 
Alembert, Jean Le Rond d@’ (1717-1783), 
63, 262 
Alexandrian Museum, 14-15 
algebraic numbers, 254 
amicable numbers, 233 
amicable pairs, 233-235 
amicable triples, 236 
Anthoniszoon, Adriaen (1527-1617), 332 
Apéry, Roger (1916-1994), 373 
Arabic numerals, 284 
Archimedean property, 2 
Archimedean value of z, 331 
Archimedes (c.287—212 B.c.), 331, 346 
area of Pythagorean triangles, 250, 257 
arithmetic functions. See number-theoretic 
functions 
arithmetic progressions of numbers 
primes, 54-55, 375 
pseudoprimes, 90 
Arithmetica (Diophantus) 
Bombelli and, 307 
Fermat and, 245-246, 257, 346 
history of, 32 
recovery of script, 85-86 
Artin, Emil (1898-1962), 157 
Artin’s conjecture, 157 
Aryabhata I (476—c.550 a.D.), 15 
Augustine, Saint (354-430), 219 


INDEX 


authentication of messages, 215-216 
autokey cryptosystems, 200-201 


Bachet, Claude (1581-1638), 86, 273 
Barlow, Peter (1776-1862), 228-229 
bases for number systems, 70 
basis for induction, 4 
Baudot code, 202 
Baudot, Jean-Maurice-Emile (1845-1903), 
202 
Bennett, G., 237 
Bernoulli, Daniel (1700-1782), 129, 130 
Bernoulli inequality, 7 
Bernoulli, Johann (1667-1748), 129 
Bernoulli, Nicolaus (1695-1726), 129, 130 
Bertrand, Joseph (1822-1900), 48 
Bertrand’s conjecture, 48, 352, 371 
Bhaskara IT (1114-c.1185), 83 
binary exponential algorithm, 70-71 
binary number representation, 70—71 
Binet formula, 296-298 
Binet, Jacques-Philippe-Marie 
(1786-1856), 296 
binomial coefficients 
defined, 8 
Fibonacci numbers formula, 302 
identities, 8-10 
as integers, 119 
binomial congruences, 164 
binomial theorem, 8—10 
Blum integers, 369 
Blum, Manuel (1938-), 367 
Blum’s coin flipping game, 367—370 
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INDEX 


Bombelli, Rafael (1526-1572), 307 

Bonse’s inequality, 47 

bracket function, 117, 119-121 

Brahmagupta (598-—c.665), 83, 346 

Brent, Richard, 240, 241, 356 

Brillhart, John (1930-), 240, 357, 360 

Brouncker, William (1620-1684), 332, 
335-336 

Brun, Viggo (1882-1978), 375 

Brun’s constant, 375 


Caesar, Julius (100-44 B.c.) 
cipher system, 197-198 
Julian calendar, 122, 123 
calendars, 122—124 
canonical form, 42 
Carlyle, Thomas (1795-1881), 175 
Carmichael numbers, 91, 363 
Carmichael, Robert D. (1879-1967), 91 
Catalan equation, 257—258 
Catalan, Eugene (1814-1894), 12, 258 
Catalan numbers, 12 
Catalan’s conjecture, 258 
Cataldi, Pietro (1548-1626), 222 
cattle problem, 346 
chain of inequalities (continued fractions), 
317-318, 321 
Chang Ch’ iu-chien (6th century A.D.), 36, 
37 
check digits, 72—73 
Chinese Remainder Theorem 
in Blum’s coin flipping game, 368, 370 
defined, 79-81 
Euler’s generalization of Fermat’s 
theorem and, 139-140 
Cicero, Marcus Tullius (106-43 B.c.), 197, 


198 
ciphers 
autokey systems, 200-201 
Caesar, 198 
defined, 197 
Elgamal, 213-216 
Hill, 201 


Merkle-Hellman, 209-212 
Vigenére, 199-200 
Clavius, Christopher (1537-1612), 123 
Cogitata Physica-Mathematica (Mersenne), 
225 
coin flipping, remote, 367—370 
Cole, Frank Nelson (1861-1926), 226 


Cole Prize, 351, 352 
common divisors, 20—21 
common multiples, 29 
complete set of residues modulo n, 64 
composite numbers, 39, 305. See also 
factorization into primes; primality 
tests 
Computational Number Theory, 353 
computers in number theory 
cryptography and, 197, 205-206 
Mersenne primes and, 229-230 
prime number factorization and, 353 
congruences, 63-82. See also quadratic 
congruences 
basic properties, 63-67 
binomial, 164 
in Caesar cipher, 198 
check digits, 72—73 
Chinese Remainder Theorem, 79-81 
days of the week and, 123 
defined, 63 
indices for solving, 164-167 
linear in two variables, 81—82 
partition function and, 305 
to perfect squares, 100 
place-value notation systems, 69-71 
polynomial functions, 71-72 
simultaneous linear, 78—79 
single linear, 76-78 
congruent modulo n, defined, 63 
constant function f(n) = n, 107, 110 
continued fraction algorithm (irrational 
numbers), 326-328 
continued fraction factoring algorithm, 
357-360 
continued fractions, defined, 306. See also 
finite continued fractions; infinite 
continued fractions; Pell’s equation 
convergents of continued fractions 
finite continued fractions, 311-315, 
317-318 
infinite continued fractions, 321-322, 
325-326, 329-331, 332 
mw, 327-328 
Pell’s equation and, 336, 337-341 
A Course in Pure Mathematics (Hardy), 
350-351 
critical line of the zeta function, 376 
cryptography, 197-216 
defined, 197 


Elgamal system, 213-216 

knapsack problems, 208-209 

Merkle-Hellman knapsack system, 
209-212 

monoalphabetic systems, 197-198 

polyalphabetic systems, 198—201 

RSA system, 203-206 

Verman one-time pad system, 202-203 

Cunningham, Allen Joseph (1848-1928), 

229 


day of the week, determining, 123-126 
de Polignac, Alphonse (1817-1890), 58 
decimal number representation, 71 
deciphering/decrypting, defined, 197. See 
also cryptography 
decomposition into primes. See 
factorization into primes 
deficient numbers, 235 
denominator of Legendre symbol, 175 
Descartes, René (1596-1650) 
amicable pair discovery, 234 
citations, 235, 273 
Mersenne and, 217, 218 
Dickson, Leonard Eugene (1874-1954), 
278, 351 
difference of two squares, 269-270 
digital alphabet for RSA cryptosystem, 
203-204 
digital signatures, 215-216 
digits of a number, defined, 71 
Diophantine equations 
ax + by = c, 32-35 
ax + by + cz = d, 36-37 
defined, 32 
Fibonacci work on, 283 
linear congruences and, 76, 78 
linear in two unknowns, 32-35 
word problems, 35-37 
x? + y* = 2, 245-250 
x4 4 y* = 7, 252-253 
x* — y* = z*, 256-258 
x? 4+ y4* = z*, 253-254 
x” + y” = 2", 245-246, 254-255 
Diophantus of Alexandria (3rd century A.D.) 
biographical information, 32 
on sum of three squares, 273 
Dirichlet, Peter Gustav Lejeune 
(1805-1859) 
citations, 54, 172, 186, 375 
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Fermat’s Last Theorem work, 254 
pigeonhole principle, 264 
Dirichlet’s theorem, 54 
discrete logarithm problems, cryptography 
and, 213 
Disquisitiones Arithmeticae (Gauss) 
citations, 157, 163, 175, 354 
history of, 61, 63 
Quadratic Reciprocity Law, 186 
regular polygons, 237 
divergent series, 374-375 
divisibility theory, 13-38 
by 9 or 11, 71-72 
Diophantine equations, 32—37 
Division Algorithm, 17-19 
early number theory, 13-16 
Euclidean algorithm, 26-31 
greatest common divisor, 19-24 
Mersenne and, 218 
symbols for, 20 
Division Algorithm, 17-19 
divisors. See also number of divisors; sum 
of divisors 
common, 20-21 
defined, 20 
greatest common, 21, 24 
Mersenne numbers, 228—229 
from prime factorizations, 104—105 
double Wieferich primes, 258 


e (continued fractions representation), 
328-329 
early number theory, 13-16 
Eisenstein, Ferdinand Gottfried Max 
(1823-1852), 186 
El Madschriti of Madrid (11th century), 234 
An Elementary Proof of the Prime Number 
Theorem (Selberg), 378 
Eléments de Géométrie (Legendre), 175 
Elements (Euclid) 
Diophantine equations and, 32 
Euclidean algorithm, 26 
Euclid’s theorem, 45 
Fundamental Theorem of Arithmetic, 
39-40 
history of, 15 
Legendre revision of, 175 
perfect numbers work, 220 
translations of, 85 
Elgamal cryptosystem, 213-216 
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Elgamal, Taher (1955— ), 213 
Elkies, Noam, 279 
elliptic curves, 255 
enciphering/encrypting, defined, 197. See 
also cryptography 
enciphering exponent, 203, 204 
enciphering modulus, 203 
Encke, Johann Franz (1791-1865), 374 
e-prime numbers, 42 
equality, congruence and, 65 
Eratosthenes of Cyrene (c.276—c.194 B.c.), 
45, 346 
Erdés, Paul (1913-1996), 351-353 
Essai pour les Coniques (Pascal), 217 
Essai sur la Théorie des Nombres 
(Legendre), 175, 186, 373 
Euclid (c.300 B.c.) 
citations, 246 
early number theory, 15 
perfect numbers work, 220 
Euclidean algorithm 
defined, 26—28 
least common multiple and, 29-30 
more than two integers, 30-31 
number of steps, 28—29 
Euclidean numbers, 46 
Euclid’s lemma, 24 
Euclid’s theorem 
defined, 45—48 
Euler’s phi-function and, 134-135 
Euler, Leonhard (1707-1783) 
amicable pair work, 234, 235 
biographical information, 129-131, 262 
on Catalan equation, 258 
citations, 55, 57, 63, 87, 185, 221, 265, 
279 
e continued fractions representation, 
328 
Fermat numbers work, 237, 240 
Fermat’s Last Theorem work, 254 
Goldbach conjecture and, 51 
Mersenne numbers work, 225-226 
on odd perfect numbers, 231, 232 
mz symbol, 327 
Pell’s equation and, 336 
photo of, 130 
primitive roots for primes, 162 
proof of Fermat’s theorem, 87, 136 
sum of four squares, 273 
on triangular numbers, 15 


Waring’s problem, 351 
word problems, 38 
zeta function formula, 373 
Euler polynomial, 55-56 
Euler’s criterion 
citations, 180 
defined, 171-172 
Dirichlet’s proof of, 172-173 
Euler’s generalization of Fermat’s theorem 
applications of, 139-140 
defined, 137-138 
Fermat’s Little Theorem as proof of, 139 
Euler’s identity, 273, 277 
Euler’s phi-function $(n) 
defined, 131-132 
Euclid’s theorem and, 134-135 
as even integer, 134 
Gauss’ theorem and, 141-143 
MObius inversion formula and, 144-145 
as multiplicative function, 132, 133, 142 
sum of integers identity, 143 
table of, 407-408 
even numbers 
even-numbered convergents, 317-318, 321 
defined, 18 
Euler’s phi-function as, 134 
in Pythagorean triples, 247 
exponent 
enciphering, 203, 204 
of a prime in n! factorization, 117-118 
recovery, 204 
universal, 162 
to which a belongs modulo n, 147-150 


o(n ). See Euler’s phi-function 
factor bases, 360 
factorials, inductively defined, 5 
factorization into primes 
canonical form, 42 
computers and, 353 
continued fraction factoring algorithm, 
357-360 
divisors from, 104-105 
Euler’s phi-function and, 132, 134 
Fermat method, 97-101 
Fermat numbers, 240-242 
Fibonacci numbers, 287, 298-299 
Fundamental Theorem of Arithmetic, 40, 
41-42 
Kraitchik method, 100-101, 360 


Mersenne numbers, 226 
Pollard’s methods, 354-357 
quadratic sieve algorithm, 360-362 
remote coin flipping, 367-370 
RSA cryptosystem and, 203, 204, 
205-206 
factors (divisors), 20 
Faltings, Gerd, 254 
Fermat numbers 
defined, 236—237 
factorization into primes, 240-242, 353, 
356, 357, 360 
primality tests, 238-240 
regular polygons and, 237-238 
table of, 241 
Fermat, Pierre de (1601-1665) 
amicable pair discovery, 234 
biographical information, 85-87 
citations, 97, 98, 129, 228, 235 
Fermat numbers work, 236—237 
marginal notes, 245-246 
Mersenne correspondence, 218 
Pell’s equation and, 334—336 
photo of, 86 
primes as sums of two squares, 
265-267 
on Pythagorean triangles, 250, 257 
on sum of three squares, 273 
Fermat primes 
Fermat-Kraitchik factorization method, 
97-101, 360 
defined, 236 
regular polygons and, 237-238 
Fermat’s Last Theorem 
defined, 245-246 
history of proof of, 254—255 
x4 + y* = 2” case, 252-253 
x* — y* = z* case, 256-258 
x+ + y4 = z4 case, 253-254 
Fermat’s Little Theorem 
citations, 171, 172 
defined, 87—89 
Euler’s generalization of, 137-138, 
139-140 
Euler’s proof of, 87, 136 
falseness of converse of, 89-90 
Lucas’s converse of, 363—364 
Fermat’s method of infinite descent, 252, 
294, 258, 273, 335 
Fermat’s test for nonprimality, 362—363 
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Fibonacci (c.1170—after 1240) 
biographical information, 283-285 
citations, 286 
continued fractions, 306 
image of, 284 

Fibonacci numbers 
basic identities, 292—293 
Binet formula, 296—298 
continued fractions representation, 

310-311, 322 
defined, 284—286 
greatest common divisors of, 288-291 
prime factors of, 287, 298-299 
as relatively prime numbers, 286—288 
square/rectangle geometric deception, 
293-294 
table of, 294 
Zeckendorf representation, 295-296 

Fibonacci sequence, defined, 284, 285. See 

also Fibonacci numbers 

Fields Medal, 352, 378 

finite continued fractions 
convergents of, 311-315, 317-318 
defined, 306-307 
linear Diophantine equation solutions, 

315-317 
rational numbers as, 307-310 

first day of the month, determining, 125 

First Principle of Finite Induction, 2 

Frederick the Great (1712-1786), 130, 262 

Frénicle de Bessy, Bernhard (1605-1675), 

87, 334-336 
Friday the thirteenth, 126 
functions. See also Euler’s phi-function; 
multiplicative functions; 
number-theoretic functions 
greatest integer, 117, 119-121 
Liouville A-function, 116 
Mangoldt A-function, 116 
Mobius y-function, 112-113, 407-408 
polynomial, 55-57, 71-72 
prime-producing, 55-57 
7 (x) (prime counting function), 53, 
371-378 
zeta, 373, 376 
fundamental solution (Pell’s equation), 
343-344 
Fundamental Theorem of Algebra, 63 
Fundamental Theorem of Arithmetic, 
39-42 
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Galileo, Galilei (1564-1642), 218 
Gauss, Carl Friedrich (1777-1855) 
biographical information, 61—63 
citations, 163, 169, 242, 273, 354 
congruence concept, 63 
motto, 352 
notation methods, 94, 132 
photo of, 62 
on primitive roots, 157, 162 
(x) approximation, 374 
Quadratic Reciprocity Law work, 186 
17-sided polygon discovery, 62, 238 
Gauss’ lemma 
citations, 183 
defined, 179-181 
Quadratic Reciprocity Law and, 187 
Gauss’ theorem, 141-143 
Generalized Quadratic Reciprocity Law, 
192 
Germain primes, 182 
Germain, Sophie (1776-1831), 182 
Gershom, Levi ben (1288-1344), 258 
Girard, Albert (1595-1632), 63, 265, 286 
The Gold Bug (Poe), 198-199 
Goldbach, Christian (1690-1764) 
Euler and, 130 
Euler correspondence, 51 
on odd integers, 57 
Goldbach conjecture, 51-52 
greatest common divisor. See also 
Euclidean algorithm 
defined, 21, 24 
divisibility relations, 19-21 
Fibonacci numbers, 288-291 
least common multiple and, 30 


linear combination representation, 21—22 


more than two integers, 30-31 
relatively prime numbers, 22—23 
greatest integer function, 117, 119-121 
Gregorian calendar, 122—123 
Gregory XIII, Pope (1572-1585), 122 


Hadamard, Jacques-Salomon (1865-1963), 


376 
Hagis, Peter, 231 
Halley, Edmund (1656-1742), 92, 261 
Halley’s comet, 92 
Hardy, Godfrey Harold (1877-1947) 
biographical information, 349-351 
on Goldbach conjecture, 52 


on Littlewood’s 2 (x) approximation, 377 
photo of, 350 
Ramanujan collaboration, 272, 303-305, 
320 
Riemann hypothesis and, 376 
Hardy-Littlewood conjecture, 372-373, 
375 
harmonic mean H(n), 225 
Haselgrove, C. B., 353 
Hellman, Martin, 209 
highly composite numbers, 305 
Hilbert, David (1862-1943), 278, 350 
Hill cipher, 201 
Hill, Lester (1890-1961), 201 
History of the Theory of Numbers 
(Dickson), 351 
Holzmann, Wilhelm. See Xylander 
hundred fowls problem, 36—37 
Hurwitz, Alexander, 240, 333 
hypothesis, induction, 4 


Iamblichus of Chalcis (c.250—c.330 A.D.), 
234 
ideal numbers, 254 
identification numbers, check digits for, 
72-73 
identity function (f(n) = 1), 107, 110 
incongruence modulo n, 64, 76 
indeterminate problems. See puzzle 
problems 
indicator. See Euler’s phi-function 
indices (index of a relative to r) 
defined, 163-164 
solvability criterion, 166—167 
for solving congruences, 164-166 
induction. See mathematical induction 
induction hypothesis, 4 
induction step, 4 
infinite continued fractions 
continued fraction algorithm, 326-328 
defined, 319-322 
e representation, 328-329 
irrational numbers as, 323-326 
irrational numbers representation, 
329-331, 332 
m representation, 327-328, 329, 
331-332 
periodic, 322 
infinite descent, Fermat’s method of, 252, 
254, 258, 273, 335 


infinite series 
e representation, 328 
mz representation, 306 
partition function, 305 
infinitude of primes 
Dirichlet’s theorem and, 54 
Euclid’s theorem and, 45—48, 53 
Euler’s phi-function and, 134-135 
Euler’s zeta function and, 373 
Fermat numbers and, 238 
Fibonacci numbers and, 291 
of the form 8k — 1, 182 
Legendre symbol and, 177-178 
pseudoprimes, 92 
integer factorization. See factorization into 
primes 
integers. See numbers 
integral solutions (Pell’s equation), 345-346 
International Standard Book Numbers 
(ISBNs), 75 
Introductio Arithmeticae (Nichomachus), 
79, 219 
inverse of a modulo n, 77 
irrational numbers 
2,42 
e as, 328-329 
infinite continued fractions as, 323-326 
mw as, 329 
zeta function values, 373 
ISBNs Unternational Standard Book 
Numbers), 75 


Jacobi, Carl Gustav Jacob (1804-1851), 278 
Jensen, K. L., 254 
Julian calendar, 122, 123 


Kanold, Hans-Joachim, 231 
Kayal, Neeraj, 354 
keys for cryptosystems 
automatic, 200 
Elgamal system, 213-214 
Merkle-Hellman knapsack system, 
210-211, 212 
public-key systems, 203-204, 210-211, 
212, 213-214 
RSA cryptosystem, 203-204 
running, 200 
Verman system, 202 
Vigenére system, 199, 200 
knapsack problems 
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k-perfect numbers, 224 

cryptosystems using, 209-212 

defined, 208—209 
Kraitchik factorization method, 100-101, 

360 

Kraitchik, Maurice (1882-1957), 100 
Kronecker, Leopold (1823-1891), 1, 61 
Kulp, G. W., 198-199 
Kummer, Ernst Eduard (1810-1893), 254 


Lagrange, Joseph-Louis (1736-1813) 
biographical information, 261-263 
on odd integers, 57 
Pell’s equation and, 336 
photo of, 262 
Wilson’s theorem and, 94 
Lagrange’s four-square theorem, 263, 273, 
244 
Lagrange’s polynomial congruence 
theorem, 152-154, 162, 170 
L’Algebra Opera (Bombelli), 307 
Lambert, J. H. (1728-1777), 329 
Lamé, Gabriel (1795-1870) 
Euclidean algorithm work, 28 
Fermat’s Last Theorem work, 254 
Fibonacci numbers work, 288 
Landau, Edmund (1877-1938), 52 
Lander, L. J., 279 
Landry, Fortune, 239, 242 
Laplace, Pierre-Simon de (1749-1827), 63 
lattice points, in Quadratic Reciprocity Law 
proof, 186, 187 
leap years, 123, 124 
least absolute remainder, 28 
least common multiple, 29-30 
least nonnegative residues modulo n, 64 
least positive primitive root, 156, 393 
Lebesgue, V. A., 258 
Legendre, Adrien-Marie (1752-1833) 
amicable pair discovery, 234 
biographical information, 175 
citations, 273, 376 
continued fraction factoring algorithm, 
3571 
Fermat’s Last Theorem work, 254 
primitive roots for primes, 162 
(x) approximation, 373-374 
Quadratic Reciprocity Law work, 
185-186 
Legendre formula, 118 
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Legendre symbol (a/p) 
defined, 175-176 
infinitude of primes and, 177-178 
for odd integer a, 183-184 
primitive roots and, 181-182 
properties of, 176-179 
quadratic congruences with composite 
moduli, 189-190, 192-195 
Lehman, R. S., 353 
Lehmer, Derrick (1905-1991), 231 
Leibniz, Gottfried Wilhelm (1646-1716), 
87, 94 
length of period (continued fraction 
expansions), 322, 339 
Lenstra, W. Hendrik, Jr., 241 
Leonardo of Pisa. See Fibonacci 
Levi ben Gershom (1288-1344), 258 
Li (x) dogarithmic integral function), 374, 
376 
Liber Abaci (Fibonacci), 283, 284, 285, 
306 
Liber Quadratorum (Fibonacci), 283 
linear combination, defined, 21 
linear congruences 
defined, 76 
simultaneous, 78-79 
single, 76-78 
in two variables, 81—82 
linear Diophantine equations 
defined, 32—33 
finite continued fractions for solving, 
315-318 
solvability criteria, 33-35 
traditional word problems, 35-37 
Linnik, Y. V. (1915-1972), 278 
Liouville, Joseph (1809-1882), 278 
Liouville A-function, 116 
Littlewood, John E. (1885-1977) 
Goldbach conjecture and, 52, 53 
Hardy collaboration, 350-351, 372, 375 
(x) approximation, 377 
logarithmic integral function Li (x), 374, 
376 
Lucas, Edouard (1842-1891) 
Fermat numbers work, 240 
Fibonacci numbers and, 284, 288, 302 
primality tests, 226, 363 
search for larger Mersenne primes, 229 
Lucas numbers, 301 
Lucas sequence, 6 


Lucas-Lehmer test, 230-231 
Lucas’s Converse of Fermat’s Theorem, 
363-364 


McDaniel, Wayne, 231 
Mahaviracarya (9th century A.D.), 38 
Manasse, M. S., 241 
Mangoldt A-function, 116 
Mathematical Classic (Chang), 36 
mathematical induction, 1-6 
basis for induction, 4 
binomial theorem proof, 9-10 
Fermat’s method of infinite descent, 252, 
254, 258, 273, 335 
First Principle of Finite Induction, 2 
induction hypotheses, 4 
induction step, 4 
Second Principle of Finite Induction, 5—6 
Measurement of a Circle (Archimedes), 331 
Mécanique Analytique (Lagrange), 262 
Les Mécaniques de Galilée (Mersenne), 218 
Meditationes Algebraicae (Waring), 277 
Merkle-Hellman knapsack cryptosystem, 
209-212 
Merkle, Ralph, 209 
Mersenne, Marin (1588-1648) 
biographical information, 217-218 
citations, 97, 102, 237 
correspondence on amicable pairs, 
234 
Fermat correspondence, 265 
Mersenne numbers work, 225, 226 
photo of, 219 
Mersenne numbers 
defined, 225 
divisor properties, 228—229 
primality tests, 226, 227-228, 230-231 
search for larger numbers, 226, 229-230, 
231 
Mersenne primes 
defined, 225 
table of, 230 
Mertens conjecture, 115-116 
Mertens, Franz (1840-1927), 115 
Mihailescu, Preda, 258 
Miller-Rabin primality test, 365-366 
Mills, W. H. (1921— ), 57 
Mobius inversion formula 
defined, 113-115 
Euler’s phi-function and, 144-145, 155 


Mobius p-function, 112-113, 407-408 
modulo n (congruence) 
check digits and, 73 
defined, 63-64 
monoalphabetic cryptosystems, 197-198 
Monte Carlo factorization method, 354—356 
Morain, Francois, 241 
Morehead, J. C., 239, 240 
Morrison, Michael A., 240, 357, 360 
j-function (Mobius), 112-113, 407-408 
Miiller, Johannes. See Regiomontanus 
(1436-1476) 
multiples, defined, 20 
multiplicative functions 
defined, 107-108 
Euler’s phi-function as, 132, 133, 142 
MObius j-function as, 112, 144, 145 
t ando as, 108, 109-110 
multiplicative inverse of a modulo n, 77 
multiplicatively perfect numbers, 224 
multiply perfect numbers, 224 


natural numbers, defined, 1 
Newton’s identity, 10 
Nickel, Laura, 229 
Nicomachus of Gerasa (c.100 A.p.), 15, 79, 
219 
Noll, Curt, 229 
nonalphabetic cryptosystems, 202—203 
nonnegative residues modulo n, 64 
nonresidues, quadratic, 171, 172-173, 
178-179 
notation systems 
binary numbers, 69-71 
decimal numbers, 71 
finite continued fractions, 310 
infinite continued fractions, 321 
IT notation, 106-107 
> notation, 104, 109, 115 
number of divisors T(n) 
basic properties, 103—107 
greatest integer function and, 120 
as multiplicative function, 108, 
109-110 
table of, 407—408 
number-theoretic functions, 103-126. See 
also Euler’s phi-function 
calendar applications, 122-126 
defined, 103 
greatest integer function and, 119-121 
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MObius inversion formula, 112-116 

multiplicative functions, 107-110 

number of divisors, 103-107 

sum of divisors, 103—107 

numbers. See also composite numbers; 

Fermat numbers; Fibonacci numbers; 
Mersenne numbers; perfect numbers; 
prime numbers; relatively prime 
numbers 

absolute pseudoprime, 91, 363 

abundant, 235 

algebraic, 254 

amicable, 233 

Catalan, 12 

deficient, 235 

e-prime, 42 

Euclidean, 46 

even, 18, 134, 247 

Germain, 182 

highly composite, 305 

ideal, 254 

k-perfect, 224 

Lucas, 301 

multiplicatively perfect, 224 

multiply perfect, 224 

natural, defined, 1 

odd, 18, 160-162, 231-233, 247, 
394—403 

palindromes, 75 

Pell, 348 

pentagonal, 16 

pseudoprime, 90-92, 242 

regular prime, 254 

repunit, 48-49 

Skewes, 377 

square-free, 43, 91 

square-full, 43 

strong pseudoprime, 367 

superperfect, 225 

triangular, 15-16, 257, 295 

numerator of Legendre symbol, 175 


odd numbers 

odd-numbered convergents, 317-318, 321 
defined, 18 
perfect, 231-233 
prime factors, table of, 394-403 
primitive roots for, 160—162 
in Pythagorean triples, 247 

Odlyzko, Andrew M., 116 
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one-time pad cryptosystems 
Verman, 202—203 
Vigenére, 200 
Opera Mathematica (Wallis), 336 
order of a modulo n, 147—150 


IU 


continued fractions representation, 


327-328, 331-332 

decimal expansion of, 353 
infinite series representation, 306 
as irrational number, 329 

(x) (prime counting function) 
approximations of, 373-376 
defined, 371 
for p = an +), 53 


Prime Number Theorem proof and, 


375-378 
properties of, 371-373 
IT notation, 106—107 
pairs of quadratic residues, 171 
palindromes, 75 
Parkin, Thomas, 279 
partial denominators, 307, 310 
partial quotients, 310 
partition theory, 304—305 
Pascal, Blaise (1623-1662) 
mathematical induction work, 10 
scholarly gatherings, 217, 218 
Pascal’s rule, 8 
Pascal’s triangle, 9 
Pell, John (1611-1685), 336 
Pell numbers, 348 
Pell’s equation 
continued fraction expansions, 
337-341 
fundamental solution, 343-344 
history of, 334-336, 346 
integral solutions, 345-346 
positive solutions, 337, 342-343, 
344-345 
pentagonal numbers, 16 
Pepin, Théophile (1826-1904), 238 
Pepin’s test, 238-240 
perfect numbers 
defined, 219—220 
discovery of larger numbers, 226, 
229-230, 231 
final digits of, 223 


general form, 220—222 
odd, 231-233 
period (continued fraction expansions), 322, 
338, 339 
periodic continued fractions, 322, 
338-340 
personal identification numbers, check 
digits for, 72-73 
Peter the Great (1672-1725), 130 
phi-function $(n). See Euler’s phi-function 
Piazzi, Giuseppi (1746-1826), 63 
pigeonhole principle, 264 
place-value notation systems, 69-71 
plaintext, 197 
Plutarch (c.46—after 119 a.p.), 15 
Pocklington, Henry (1870-1952), 364 
Pocklington’s theorem, 364-365 
Poe, Edgar Allan (1809-1849), 198-199 
Polignac, Alphonse de (1817-1890), 58 
Pollard, John M. 
citations, 240, 241 
p — i factorization method, 356-357 
tho factorization method, 354—356 
Pélya conjecture, 353 
Pélya, George (1888-1985), 353 
polyalphabetic cryptosystems, 198-201 
polygons, 62, 237-238 
polynomial congruences 
divisibility tests, 71-72 
Lagrange’s theorem and, 152-154 
positive solutions (Pell’s equation), 337, 
342-343, 344-345 
powerful numbers, 43 
Powers, R. E., 229 
primality tests 
computers and, 229-230 
efficient algorithms for, 354 
Fermat’s Little Theorem methods, 89, 
362-365 
Mersenne numbers, 226, 227-228, 
230-231 
Miller-Rabin test, 365—366 
Pepin’s test, 238-240 
Wilson’s theorem, 95 
prime factors. See factorization into primes 
Prime Number Theorem 
arithmetic proofs of, 352, 378 
complex proofs of, 375-377 
defined, 371 


INDEX 431 


prime numbers, 39-57. See also infinitude Proth, E., 367 


of primes; pseudoprime numbers pseudoprime numbers, 90-92, 242, 363 
arithmetic progressions of, 54—55, 90, public-key cryptosystems 
375 defined, 203 
defined, 39 Elgamal system, 213-216 
double Wieferich, 258 Merkle-Hellman knapsack system, 
Euclid’s theorem, 45-48 209-212 
of the form 3n + 1, 53 RSA system, 203-206 
of the form 4n + 1, 53, 54, 177-178, 188, puzzle problems 
265-267 cattle, 346 
of the form 4n + 3, 53-54, 188, 264, congruences, 79-80 
267-268 Diophantine equations, 35—37 
of the form 8k — 1, 181 hundred fowls, 36—37 
of the form 8k + 1/3/5/7, 181 square/rectangle geometric deception, 
of the form an + b, 53 293-294 
of the form k2” + 1, 240, 242 Pythagoras (c.580—c.500 B.c.) 
of the form n! + 1, 96 citations, 235, 246 
of the form p* + 1, 46 early number theory, 13-14 
Fundamental Theorem of Arithmetic, on irrational numbers, 42 
39-42 on triangular numbers, 15 
gaps between, 50-51 Pythagorean triangles, 250, 257 
Germain, 182 Pythagorean triples, 246, 247-249 
Goldbach conjecture, 51—52 Pythagoreans 
length of intervals, 377—378 amicable pairs and, 234 
prime-producing functions, 55—57 history of, 14 
primitive roots, 154-157 number classification, 42 
repunit, 48—49 on perfect numbers, 219, 221 
sieve of Eratosthenes, 44—45 
as sum of four squares, 275-277 quadratic congruences 
tables of, 404-406 in Blum’s coin flipping game, 
twin, 50, 375, 406 367-369 
prime-producing functions, 55—57 with composite moduli, 189-190, 
prime-triplets, 58 192-195 
primers (autokey cryptosystems), 200 indices for solving, 164—165 
primitive Pythagorean triples primitive roots, 155-156 
defined, 246 Quadratic Reciprocity Law and, 
properties of, 247-249 189-190 
table of, 249 simplification of, 169-170 
primitive roots solvability criteria, 192, 194, 195 


composite numbers, 158-162 
cryptography application, 213 
defined, 150-151 
Legendre symbol and, 181-182 
number of, 151 
prime numbers, 154—157 
tables of, 156, 393 
probabilistic primality tests, 366 
progressions of numbers. See arithmetic 
progressions of numbers 


Wilson’s theorem and, 95-96 


quadratic nonresidues 


defined, 171 
Euler’s criterion, 172—173 
Legendre symbol and, 178-179 


Quadratic Reciprocity Law 


defined, 186 
generalized, 192 

history of, 169, 185-186 
properties of, 188-190 
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quadratic residues 
defined, 171 
Euler’s criterion, 171-173 
Legendre symbol and, 178-179 
sum of four squares problem and, 275 
quadratic sieve factoring algorithm, 
360-362 
quadrivium, 13 
quotients, 17 


o factorization method, 354-356 
radius of inscribed circle of Pythagorean 
triangles, 250 
Ramanujan, Srinivasa Aaiyangar 
(1887-1920) 
biographical information, 303-306 
fraction expansions, 320 
photo of, 304 
sum of two cubes, 272 
Ramanujan’s conjecture, 305 
rational numbers 
as finite continued fractions, 307—310 
as irrational numbers approximation, 
329-331 
“Recherches d’ Analyse Indéterminée” 
(Legendre), 175 
recovery exponent, 204 
rectangle/square Fibonacci number 
problem, 293-294 
recursive sequences, 286 
reduced set of residues modulo n, 141 
Regiomontanus (1436-1476), 83, 85, 279 
Regius, Hudalrichus (fl. 1535), 222 
regular polygons, 62, 237-238 
regular prime numbers, 254. See also prime 
numbers 
relatively prime numbers 
convergent numerators and denominators 
as, 314-315 
defined, 22—23 
Fermat numbers as, 238 
Fibonacci numbers as, 286—288 
multiplicative property and, 107 
in Pythagorean triples, 247 
remainder, 17, 28 
remote coin flipping, 367-370 
representation of integers 
difference of two squares, 269-270 
sum of four squares, 263, 273-277 


sum of three squares, 272-273 
sum of two squares, 264-269 
Waring’s problem, 277-279, 350-351 
Zeckendorf, 295-296 
repunit numbers, 48-49 
residues 
complete set, 64 
least nonnegative, 64 
quadratic, 171-173, 178-179, 275 
reduced set, 141 
rho factorization method, 354-356 
Riemann, Georg Friedrich Bernhard 
(1826-1866), 375-376 
Riemann hypothesis, 376 
Rivest, Ronald L., 203 
RSA-129 cryptosystem, 206 
RSA-576 cryptosystem, 206 
RSA public-key cryptosystem, 203-206 
Rudolff, Christoff (fl. 1526), 38 
running keys, 200 


o(n). See sum of divisors 
> notation 
defined, 104 
multiplicative property and, 109, 115 

Saxena, Nitin, 354 

Second Principle of Finite Induction, 5—6 

seeds (autokey cryptosystems), 200 

Selberg, Atle (1917-), 352, 378 

Selfridge, John, 240 

Shamir, Adir, 203, 212 

sieve of Eratosthenes, 44—45 

signatures for encrypted messages, 
215-216 

simple finite continued fractions, defined, 
307. See also finite continued fractions 

simple infinite continued fractions, defined, 
321, 322. See also infinite continued 
fractions 

simultaneous linear congruences, 78—79 

single linear congruences, 76-78 

Skewes number, 377 

Skewes, S., 377 

smallest positive primitive roots, 156, 393 

sociable chains, 236 

Sophia Dorothea (Queen Mother of 
Prussia), 130 

square-free numbers, 43, 91 

square-full numbers, 43 


square/rectangle Fibonacci number 
problem, 293-294 
square roots (continued fractions method), 
307 
Steuerwald, R., 231 
strong pseudoprime numbers, 367 
subset sum problems. See knapsack 
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Uber die Anzahl der Primzahlen unter einer 
gegebenen Grosse (Riemann), 375 

uniqueness of infinite continued fractions, 
323-324, 326 
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Utriusque Arithmetices (Regius), 222 


Vallée-Poussin, Charles-Jean de la 
(1866-1962), 376 

Verman cryptosystem, 202-203 

Verman, Gilbert S., 202 

Vigeneére, Blaise de (1523-1596), 199, 
200 

Vigenére cryptosystem, 199-200 
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a divides b 
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